Security Alert – 4/30/2015 – Magento code execution vulnerability

Magento Critical Vulnerability

Issue: Magento has discovered a code-execution hole in both the community and enterprise editions.
Status: Update has been released.
Who is impacted? Community and Enterprise editions of Magento.

Why was this update released?

The web security firms Incapsula and Sucuri have discovered that malicious users are exploiting the bug to create new admin accounts inside the Magento databases. Sucuri reports that the extra admin accounts are being accessed later to steal customer information from the database.

You can read more from the Sucuri blog.

What should I do?

WordPress strongly encourages you to update your sites immediately. Look for the SUPEE-5344 download link to patch your site.
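
Patching does not remove admin accounts that were already created, so the admin list should be reviewed as well. The Python check below is an added example, not part of the original alert or Magento's own code: it lists admin accounts missing from a known-good list and marks the ones created in the exposure window or already logged in to. The table and column names assume the Magento 1 admin_user schema; the sample rows, the known-admin list and the window start date are constructed.

```python
import sqlite3

# Column names follow the Magento 1 `admin_user` table (assumed schema).
AUDIT_SQL = """
SELECT username, email, created, logdate, is_active
FROM admin_user
ORDER BY created DESC
"""

def audit_admins(conn, known_admins, window_start):
    """List admin accounts that are not on the known-good list.

    window_start: 'YYYY-MM-DD HH:MM:SS', start of the period in which the
    site was reachable unpatched (chosen by the operator).
    """
    known = {name.lower() for name in known_admins}
    findings = []
    for username, email, created, logdate, is_active in conn.execute(AUDIT_SQL):
        if username.lower() in known:
            continue
        findings.append({
            "username": username,
            "email": email,
            "created": created,
            # Same-format timestamps compare correctly as strings.
            "in_window": bool(created) and created >= window_start,
            # A non-NULL logdate means the account has been logged in to.
            "used": logdate is not None,
            "active": bool(is_active),
        })
    return findings

def build_sample_db():
    """In-memory stand-in for the shop database; all rows are constructed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin_user (username TEXT, email TEXT, "
                 "created TEXT, logdate TEXT, is_active INTEGER)")
    conn.executemany("INSERT INTO admin_user VALUES (?,?,?,?,?)", [
        ("admin", "owner@example.com", "2013-06-01 10:00:00", "2015-04-29 08:12:00", 1),
        ("jsmith", "jsmith@example.com", "2014-02-11 09:30:00", "2015-04-20 14:05:00", 1),
        ("svc_backup", "ops@example.net", "2015-04-24 03:17:45", "2015-04-26 02:02:10", 1),
        ("old_contractor", "dev@example.org", "2012-01-05 16:40:00", None, 0),
    ])
    return conn

if __name__ == "__main__":
    for f in audit_admins(build_sample_db(), {"admin", "jsmith"}, "2015-04-01 00:00:00"):
        print(f)
```

Against a real shop, run the same SELECT on the Magento database and pass in the usernames you actually issued; any unknown account that is both in the window and used deserves a look at what it accessed.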

