The Magento E-commerce platform, used by numerous online retailers was recently is news for a critical vulnerability.
The security firm Check Point had discovered a massive security flaw in Magento that could have given attackers access to customer’s information and scope of massive data theft. This vulnerability allowed the hackers to work on PHP codes on the web server of the store and divert the platfrom’s security process, giving hackers the administrative access to the system.
The issue was present in Magento’s core. This meant any website that is running on old or default version of Enterprise and Community edition is vulnerable, unless patched with latest security updates. Magento had notified its registered users against this latest security and also sent security patches that were to be updated asap.
Ebay, the owner of Magento E-commerce platform was informed about the vulnerability by Check Point some time back in January this year. However the full disclosure was only made by Check Point on April 22, 2015 after Magento had sufficient time to notify its users and send them updated security patches.
Shahar Tal, Check Point’s Malware and Vulnerability Research Manager was quoted saying through a press realease, “The vulnerability we uncovered represents a significant threat not to just one store, but to all of the retail brands that use the Magento platform for their online stores.”
Magento had notified and emailed the security update to all registered accounts. In case you’re using Magento Community or Enterprise Edition you’re open to remote code execution. Therefore, you’re recommended to get the security patched updated at the earliest.