There’s a serious vulnerability in the Magento platform.
Check Point researchers recently discovered a critical vulnerability in the Magento web e-commerce platform.
The Remote Code Execution (RCE) vulnerability can lead to the complete compromise of any Magento-based store. This could affect nearly two hundred thousand online shops.
A patch to address the flaws was released on February 9, 2015. We urge store owners and administrators to apply the patch immediately if they haven’t done so already.
Here’s a useful video that explains how the vulnerability can be exploited:
Several Vulnerabilities Together
The vulnerability is actually a chain of several vulnerabilities. Together, they allow an unauthenticated attacker to execute PHP code on the web server. The attacker can then bypass all security mechanisms and gain control of the store and its database. All of the vulnerabilities are present in the Magento core, so the chain affects any default installation of both the Community and Enterprise Editions.
So, to protect yourself from this vulnerability, make sure you have applied the latest patches.
For a technical breakdown of the Magento vulnerability, take a look at the Check Point blog.