Multiple High Risk Vulnerabilities in all Magento 1 Websites

magento-security-patches

A large number (seventeen in total !) of security vulnerabilities have recently been announced by Magento, many of which are rated as critical and high and should therefore be patched as soon as possible using patch SUPEE-8788. Using the following release versions, Community Edition 1.9.3 or Enterprise Edition 1.14.3, are alternate ways to fix these issues.

Full details of all vulnerabilities can be see here, but those rated critical or high are listed below

APPSEC-1484 – Remote Code Execution in checkout

Rated at 9.8 (Critical) – With some payment methods it might be possible to execute malicious PHP code during checkout.

APPSEC-1480 – SQL injection in Zend Framework

Rated at 9.1 (Critical) – A bug in Zend Framework value escaping allows a malicious user to inject SQL through the ordering or grouping parameters. While there are no known frontend entry point vulnerabilities that would allow for a full SQL injection, we’ve found an entry point in the Magento Admin panel, and other entry points most likely exist.

APPSEC-1488 – Stored XSS in invitations

Rated at 8.2 (High) – It is possible to use the Magento Enterprise Edition invitations feature to insert malicious JavaScript that might be executed in the admin context.

APPSEC-1247 – Block cache exploit

Rated at 7.7 (High) – With access to any CMS functionality, an attacker with administrator permissions can use blocks to exfiltrate information stored in cache. This sensitive information includes store configuration, encryption key, and database connection details. Additionally, it might be possible to execute code.

APPSEC-1517 – Log in as another customer

Rated at 7.5 (High) – In certain configurations, it is possible to log in as existing store customer while knowing only his email address, not his password.

Bio
Latest Posts

Havenswift Hosting

This is the main Havenswift Hosting company account that is used by different members of staff when making blog postings on behalf of the company rather than as individuals

Latest posts by Havenswift Hosting (see all)

CubeCart PayPal Commerce Plugin Requires Mandatory Phone Number - 14th April 2021
PHP 7.2 Patches are available for Magento 1 - 6th October 2018
New Magento patch released – SUPEE-10888 - 20th September 2018

By Havenswift Hosting on 13 Oct 2016 0 Categories / Magento Hints & Tips, Security Announcements