Magento's Latest Patches Should Be Applied Immediately
If your online e-commerce business runs on the Magento platform, you must pay attention to this information. Magento yesterday released new versions of its content management software to address a total of 37 newly discovered security vulnerabilities. Owned by Adobe since mid-2018, Magento is one of the most popular content management system (CMS) platforms, powering 28% of websites across the Internet, with more than 250,000 merchants using the open source e-commerce platform.
Though most of the reported issues could only be exploited by authenticated users, one of the most severe flaws in Magento is an SQL Injection vulnerability which can be exploited by unauthenticated, remote attackers.
"Unauthenticated attacks, like the one seen in this particular SQL injection vulnerability, are very serious because they can be automated - making it easy for hackers to mount successful, widespread attacks against vulnerable websites," Montpas writes. "The number of active installs, the ease of exploitation and the effects of a successful attack are what makes this vulnerability particularly dangerous."
The vulnerabilities are present within the open source and commercial versions of Magento. Magento advised that users should upgrade to versions 2.3.1 or 2.2.8.