I’m hoping this isn’t an indication of some kind of breach/vulnerability.
We recently discovered two orders where the buyers attempted to execute php using the ShipTo name. The code meant to append a line to the pub/health_check.php file. It didn’t work, thankfully.
I was able to view both of these orders in the backend last week. We received notification from our merchant account that a refund was requested for one of these orders last week as well, and since we show we shipped the product and it was received, we’re disputing the refunds.
As of right now I cannot find these orders in the backend. I also checked the DB and they are gone from sales_order_grid. The invoices themselves still exist but when I attempt to view them I see a 404 page not found with a red Magento error (“Invoice capturing error”) at the top. There isn’t a way for a user to delete an order, right?
Any insight would be helpful.