I was absent at the beginning of March when Georges (from
http://cmschecker.d3v.me.uk) identified a possible exploit due to AjaxSearch.
But when I came back on business, mid-March, I did some tests without any success.
I sent a message to Georges to get more information. Unfortunately I didn’t receive any answer.
I posted an answer on his forum. My post has never been published and I never received any answer. So until now I haven’t been able to discuss this possible exploit with him.
I can’t see where the exploit could happen. I do not share his opinion that the exploit can take advantage of the @file and @eval commands. But I am ready to move if needed.
And the solution proposed by Georges is not the solution, because this hampers AjaxSearch’s functionalities.