Security Alert – 4/30/2015 – Magento code execution vulnerability

by Scott Mitchell

0 Minutes, 33 Seconds to Read

Magento Critical Vulnerability

Issue: Magento has discovered a code-execution hole in both the community and enterprise editions.
Status: Update has been released.
Who is impacted? Community and Enterprise editions of Magento.

Why was this update released?

The web security firms Incapsula and Sucuri have discovered that malicious users are exploiting the bug to create new admin accounts inside the Magento databases. Sucuri reports that the extra admin accounts are being accessed later to steal customer information from the database.

You can read more from the Sucuri blog.

What should I do?

WordPress strongly encourages you to update your sites immediately. Look for the SUPEE-5344 download link to patch your site.

Share this Article
Related Articles
10 Magento Security Tips
Changing the Magento 1.6 Login to Case Sensitive
How to Allow Backorders in Magento 1.6
Changing the Year-To-Date Report Dashboard in Magento 1.6
Adding Store Email Addresses to Magento
How to stop Displaying Product Reviews in Magento 1.6
How to Install Magento Manually
Merging Javascript Files in Magento 1.6
How to Edit the Footer in Magento 1.6
Changing the Default Welcome Message in Magento 1.6

Need More Help?

Current Customers

Chat: Chat with Sales
Call: 757-416-6575 x2
Ticket: Submit a Support Ticket

Get Reliable Web Hosting

Chat: Chat with Sales
Email: [email protected]
Call: 757-416-6575 x1

Get web hosting that grows with your business. Our all-in-one hosting platform gives you everything your website needs to scale - so you can focus on the next big thing for you and your business.