{"id":3564,"date":"2015-05-18T14:55:29","date_gmt":"2015-05-18T14:55:29","guid":{"rendered":"https:\/\/www.inmotionhosting.com\/support\/2015\/05\/18\/magento-security-alert-may-15-patch-5994\/"},"modified":"2015-05-18T14:55:29","modified_gmt":"2015-05-18T14:55:29","slug":"magento-security-alert-may-15-patch-5994","status":"publish","type":"post","link":"https:\/\/www.inmotionhosting.com\/support\/edu\/magento\/magento-security-alert-may-15-patch-5994\/","title":{"rendered":"Magento Security Alert"},"content":{"rendered":"<p class=\"alert alert-danger\"><b>Who is affected?<\/b> &#8211; Users of Magento Community Edition and Enterprise Edition.<\/p>\n<p class=\"alert alert-success\"><b>Have these issues been addressed?<\/b> &#8211; The SUPEE-5994 Patch Bundle covers eight different issues that are listed in the article below.<\/p>\n<h2>SUPEE-5994 Patch Bundle<\/h2>\n<p>On May 14, 2015, Magento released a bundle of eight patches that addresses the following issues:<\/p>\n<ul>\n<li><b>Admin Path Disclosure<\/b> &#8211; Patch addresses internal information leakage where an attacker can force the Admin Login page to appear by directly calling a module, regardless of the URL. This exposes the Admin URL on the page and makes it easier to initiate password attacks. <\/li>\n<li><b>Customer Address Leak through Checkout<\/b> &#8211; Information leak that enables an attacker to obtain address information from the address books of other store customers during the checkout process. <\/li>\n<li><b>Customer Information Leak through Recurring Profile<\/b> &#8211; Information leak that allows an attacker to use fake image URLs to expose internal server paths. <\/li>\n<li><b>Local File Path Disclosure Using Media Cache<\/b> &#8211; An attacker can use fictitious image URLs to generate exceptions that expose internal server paths, regardless of settings. 
<\/li>\n<li><b>Cross-site Scripting Using Authorize.Net Direct Post Module<\/b> &#8211; Cross-site scripting (XSS) that enables an attacker to execute JavaScript in a customer session. If a customer clicks a malicious link, the attacker can steal cookies and hijack the session.<\/li>\n<li><b>Spreadsheet Formula Injection<\/b> &#8211; Formula injection is used to insert formulas into spreadsheets. The formula is able to modify data, export personal data to another site, or cause remote code execution.<\/li>\n<li><b>Malicious Package Can Overwrite System Files<\/b> &#8211; An attacker creates a malicious extension package that can be installed by a customer. The extension can include functionality to overwrite files and then install programming used to gather data or alter data within Magento. <\/li>\n<\/ul>\n<p> <i>Source: <a href=\"https:\/\/merch.docs.magento.com\/ce\/user_guide\/Magento_Community_Edition_User_Guide.html?mkt_tok=3RkMMJWWfF9wsRojuaTKc%2B%2FhmjTEU5z16uwlXqS2hpZ41El3fuXBP2XqjvpVQcdlML7HRw8FHZNpywVWM8TIL9kXt9BlJAzqD2w%3D#magento\/patch-releases-2015.html\" target=\"_blank\">Magento Community Edition 2015 Patches &#8211; SUPEE-5994 Patch Bundle 5994<\/a> <\/i> <\/p>\n<p>The patch provided by Magento covers both the <i>Community Edition<\/i> and <i>Enterprise Edition<\/i> of the software. If you have not applied this patch bundle, it is urgent that you apply it as soon as possible. To get this patch bundle, please go to <a href=\"https:\/\/www.magentocommerce.com\/products\/downloads\/magento\/\" target=\"_blank\">Magento &#8211; Downloads<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Who is affected? &#8211; Users of Magento Community Edition and Enterprise Edition. Have these issues been addressed? &#8211; The SUPEE-5994 Patch Bundle covers eight different issues that are listed in the article below. 
SUPEE-5994 Patch Bundle On May 14, 2015 Magento released a bundle of eight patches that addresses the following issues: Admin Path Disclosure<a class=\"moretag\" href=\"https:\/\/www.inmotionhosting.com\/support\/edu\/magento\/magento-security-alert-may-15-patch-5994\/\"> Read More ><\/a><\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[72,4299],"tags":[],"class_list":["post-3564","post","type-post","status-publish","format-standard","hentry","category-magento","category-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Magento Security Alert | InMotion Hosting<\/title>\n<meta name=\"description\" content=\"Magento has released a critical security patch bundle that addresses 8 different vulnerabilities with their Community (CE) and Enterprise Editions (EE).\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inmotionhosting.com\/support\/edu\/magento\/magento-security-alert-may-15-patch-5994\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Magento Security Alert | InMotion Hosting\" \/>\n<meta property=\"og:description\" content=\"Magento has released a critical security patch bundle that addresses 8 different vulnerabilities with their Community (CE) and Enterprise Editions (EE).\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inmotionhosting.com\/support\/edu\/magento\/magento-security-alert-may-15-patch-5994\/\" \/>\n<meta property=\"og:site_name\" content=\"InMotion Hosting Support Center\" \/>\n<meta 
property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/inmotionhosting\/\" \/>\n<meta property=\"article:published_time\" content=\"2015-05-18T14:55:29+00:00\" \/>\n<meta name=\"author\" content=\"InMotion Hosting Contributor\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/InMotionHosting\" \/>\n<meta name=\"twitter:site\" content=\"@InMotionHosting\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"InMotion Hosting Contributor\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/magento\/magento-security-alert-may-15-patch-5994\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/magento\/magento-security-alert-may-15-patch-5994\/\"},\"author\":{\"name\":\"InMotion Hosting Contributor\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/8d626175dd3b70ee90a172bdb09a460b\"},\"headline\":\"Magento Security 
Alert\",\"datePublished\":\"2015-05-18T14:55:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/magento\/magento-security-alert-may-15-patch-5994\/\"},\"wordCount\":348,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#organization\"},\"articleSection\":[\"Magento\",\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.inmotionhosting.com\/support\/edu\/magento\/magento-security-alert-may-15-patch-5994\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/magento\/magento-security-alert-may-15-patch-5994\/\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/magento\/magento-security-alert-may-15-patch-5994\/\",\"name\":\"Magento Security Alert | InMotion Hosting\",\"isPartOf\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#website\"},\"datePublished\":\"2015-05-18T14:55:29+00:00\",\"description\":\"Magento has released a critical security patch bundle that addresses 8 different vulnerabilities with their Community (CE) and Enterprise Editions (EE).\",\"breadcrumb\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/magento\/magento-security-alert-may-15-patch-5994\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.inmotionhosting.com\/support\/edu\/magento\/magento-security-alert-may-15-patch-5994\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/magento\/magento-security-alert-may-15-patch-5994\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.inmotionhosting.com\/support\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Magento Security 
Alert\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#website\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/\",\"name\":\"InMotion Hosting Support Center\",\"description\":\"Web Hosting Support &amp; Tutorials\",\"publisher\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.inmotionhosting.com\/support\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#organization\",\"name\":\"InMotion Hosting\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg\",\"contentUrl\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg\",\"width\":696,\"height\":696,\"caption\":\"InMotion Hosting\"},\"image\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/inmotionhosting\/\",\"https:\/\/x.com\/InMotionHosting\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/8d626175dd3b70ee90a172bdb09a460b\",\"name\":\"InMotion Hosting Contributor\",\"description\":\"InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online 
goals!\",\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/inmotion-hosting\/\",\"https:\/\/x.com\/https:\/\/twitter.com\/InMotionHosting\"],\"url\":\"https:\/\/www.inmotionhosting.com\/support\/author\/arn\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Magento Security Alert | InMotion Hosting","description":"Magento has released a critical security patch bundle that addresses 8 different vulnerabilities with their Community (CE) and Enterprise Editions (EE).","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inmotionhosting.com\/support\/edu\/magento\/magento-security-alert-may-15-patch-5994\/","og_locale":"en_US","og_type":"article","og_title":"Magento Security Alert | InMotion Hosting","og_description":"Magento has released a critical security patch bundle that addresses 8 different vulnerabilities with their Community (CE) and Enterprise Editions (EE).","og_url":"https:\/\/www.inmotionhosting.com\/support\/edu\/magento\/magento-security-alert-may-15-patch-5994\/","og_site_name":"InMotion Hosting Support Center","article_publisher":"https:\/\/www.facebook.com\/inmotionhosting\/","article_published_time":"2015-05-18T14:55:29+00:00","author":"InMotion Hosting Contributor","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/InMotionHosting","twitter_site":"@InMotionHosting","twitter_misc":{"Written by":"InMotion Hosting Contributor","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/magento\/magento-security-alert-may-15-patch-5994\/#article","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/magento\/magento-security-alert-may-15-patch-5994\/"},"author":{"name":"InMotion Hosting Contributor","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/8d626175dd3b70ee90a172bdb09a460b"},"headline":"Magento Security Alert","datePublished":"2015-05-18T14:55:29+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/magento\/magento-security-alert-may-15-patch-5994\/"},"wordCount":348,"commentCount":0,"publisher":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#organization"},"articleSection":["Magento","Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inmotionhosting.com\/support\/edu\/magento\/magento-security-alert-may-15-patch-5994\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/magento\/magento-security-alert-may-15-patch-5994\/","url":"https:\/\/www.inmotionhosting.com\/support\/edu\/magento\/magento-security-alert-may-15-patch-5994\/","name":"Magento Security Alert | InMotion Hosting","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#website"},"datePublished":"2015-05-18T14:55:29+00:00","description":"Magento has released a critical security patch bundle that addresses 8 different vulnerabilities with their Community (CE) and Enterprise Editions 
(EE).","breadcrumb":{"@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/magento\/magento-security-alert-may-15-patch-5994\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inmotionhosting.com\/support\/edu\/magento\/magento-security-alert-may-15-patch-5994\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/magento\/magento-security-alert-may-15-patch-5994\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inmotionhosting.com\/support\/"},{"@type":"ListItem","position":2,"name":"Magento Security Alert"}]},{"@type":"WebSite","@id":"https:\/\/www.inmotionhosting.com\/support\/#website","url":"https:\/\/www.inmotionhosting.com\/support\/","name":"InMotion Hosting Support Center","description":"Web Hosting Support &amp; Tutorials","publisher":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inmotionhosting.com\/support\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.inmotionhosting.com\/support\/#organization","name":"InMotion Hosting","url":"https:\/\/www.inmotionhosting.com\/support\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/","url":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg","contentUrl":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg","width":696,"height":696,"caption":"InMotion 
Hosting"},"image":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/inmotionhosting\/","https:\/\/x.com\/InMotionHosting"]},{"@type":"Person","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/8d626175dd3b70ee90a172bdb09a460b","name":"InMotion Hosting Contributor","description":"InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals!","sameAs":["https:\/\/www.linkedin.com\/company\/inmotion-hosting\/","https:\/\/x.com\/https:\/\/twitter.com\/InMotionHosting"],"url":"https:\/\/www.inmotionhosting.com\/support\/author\/arn\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"primary_category":null,"_links":{"self":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/3564","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/comments?post=3564"}],"version-history":[{"count":0,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/3564\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/media?parent=3564"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/categories?post=3564"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/tags?post=3564"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}