Acelle - Email Marketing Web Application

Acelle - Email Marketing Web Application v4.0.26-p87

No permission to download

jpond262176

Active member
May 4, 2022
210
66
28
Did it say what the malicious code is? If people on here are found to be spreading bad code they need banning straight away to stop them spreading more.

Sometimes you can get a false positive so the code may need checking.

I have just did a check with immunufy360 and there was something in /vendor/louis/log-view/resources/views/filemanager/index.blade.php that give root access.

My immunfy360 cleaned this file up. Check is needed.
 
Last edited:
  • Like
Reactions: Azarock35

Azarock35

Member
Dec 29, 2020
88
38
18
Did it say what the malicious code is? If people on here are found to be spreading bad code they need banning straight away to stop them spreading more.

Sometimes you can get a false positive so the code may need checking.

I have just did a check with immunufy360 and there was something in /vendor/louis/log-view/resources/views/filemanager/index.blade.php that give root access.

My immunfy360 cleaned this file up. Check is needed.
I'm not buying the license precisely .. it's $ 5 I'll take it.
 

Azarock35

Member
Dec 29, 2020
88
38
18
@Tomz
it's serious there is a code that allows access to the server I have plesk so I have good security but those who do not have security must be in danger..

you must remove the script & ban the user I don't know who added this code / script but not the seller.
 

Azarock35

Member
Dec 29, 2020
88
38
18
Did it say what the malicious code is? If people on here are found to be spreading bad code they need banning straight away to stop them spreading more.

Sometimes you can get a false positive so the code may need checking.

I have just did a check with immunufy360 and there was something in /vendor/louis/log-view/resources/views/filemanager/index.blade.php that give root access.

My immunfy360 cleaned this file up. Check is needed.
I deleted the subdomain with the files or installed acelle mail .. I will check the LOGs to see if there is a suspicious connection
 

jpond262176

Active member
May 4, 2022
210
66
28
Luckily I had this on it's own sub domain so there was nothing else they could access apart from this application.

EDIT: Found it! I think. The little basted!

It's a Tiny File Manager that gives access to the directories for upload. I pasted the code from index.blade.php.

it's in the download attachment under acelle-email-marketing-web-application-4.0.24_LTS.

\app\Model\Plugin.php references index.blade.php as well on line 565.
I have removed this application / sub domain completely until fully investigated.
 
Last edited:
  • Like
Reactions: Azarock35

Azarock35

Member
Dec 29, 2020
88
38
18
okay, I prefer not to take any risks if there are other virus codes in it...

I will buy directly or take another similar script
but I think it was the op who added the code or its source.
 

Mscv50

! 𝖎'𝖒 𝖜𝖆𝖙𝖈𝖍𝖎𝖓𝖌 𝖞𝖔𝖚 !
Babiato Lover
GiveAway Master
Trusted Uploader
Jan 10, 2020
3,712
18,802
113
🦇The Dark Night🦇
okay, I prefer not to take any risks if there are other virus codes in it...

I will buy directly or take another similar script
but I think it was the op who added the code or its source.
Is not always the case , a lot of Dev's also use this kind jokes to fight piracy lol
 

Azarock35

Member
Dec 29, 2020
88
38
18
Is not always the case , a lot of Dev's also use this kind jokes to fight piracy lol
yes end you have to delete it in this case .. you remove the virus code then publish it ...

it's not funny if our servers are hacked .. there is clearly a problem with the script you must take action ..
 
  • Wow
Reactions: Mscv50

jpond262176

Active member
May 4, 2022
210
66
28
Is not always the case , a lot of Dev's also use this kind jokes to fight piracy lol

I never knew this, I didn't think the devs would be that cruel. They not loosing money really because people just won't buy it in the first place. If it's used it gets out there more I would think.

These scripts are not cheap but I guess the upkeep of them isn't cheap either.
 

Mscv50

! 𝖎'𝖒 𝖜𝖆𝖙𝖈𝖍𝖎𝖓𝖌 𝖞𝖔𝖚 !
Babiato Lover
GiveAway Master
Trusted Uploader
Jan 10, 2020
3,712
18,802
113
🦇The Dark Night🦇
yes end you have to delete it in this case .. you remove the virus code then publish it ...

it's not funny if our servers are hacked .. there is clearly a problem with the script you must take action ..
Honestly, i can't answer your criticisms but you have to know one thing,
the purpose of all resources on here = try it before you buy it !

@Medw1311 @TassieNZ @Tomz please check this out
 

phpCore

ReLOADED
Trusted Uploader
Banned User
Jun 6, 2020
1,511
1,657
120
127.0.0.1/::1
I never knew this, I didn't think the devs would be that cruel. They not loosing money really because people just won't buy it in the first place. If it's used it gets out there more I would think.

These scripts are not cheap but I guess the upkeep of them isn't cheap either.

For example the famous V3Cube script contain many shell scripts
 

jpond262176

Active member
May 4, 2022
210
66
28
so the developer can really access the server through a backdoor?

If that was the case i'm fairly sure they can be sued. In fact I know they could because for a developer to make back doors while using their software without telling the users. Certain countries will take them to the cleaners if the devs are doing this.
 
Last edited:

About us

  • Our community has been around for many years and pride ourselves on offering unbiased, critical discussion among people of all different backgrounds. We are working every day to make sure our community is one of the best.

Quick Navigation

User Menu