Research of the security company Checkpoint revealed a critical security issue in the shop software Magento.
Hackers that exploit this vulnerability can execute malware and manipulate data or gather private information.
According to our sources, all versions of the Community Edition (CE) from version 188.8.131.52 up to Version 1.9.X are affected.
Currently, this security vulnerability can only be fixed with a so-called patch. This security patch with the ID „SUPEE-5344“ is available for download on the Magento website.
We will update all 1&1 Safe Mode installations as soon as possible.
All other users of Magento we strongly recommend to patch their Magento immediately.
Applying the Patch (SSH-Method)
Download the patch (SUPEE-5344) that matches your Magento install.
Copy the patch files (for this example we will use: PATCH_SUPEE-5344_CE_184.108.40.206_v1-2015-02-10-08-10-38.sh) via FTP / SSH to DocumentRoot of your Magento install:
Info: Establish an SSH Connection from a PC (1&1 Help-Center)
scp <local folder/PATCH_SUPEE-5344_CE_220.127.116.11_v1-2015-02-10-08-10-38.sh> <username>@<magentodomain>:/<Magento DocumentRoot/>
Login via SSH:
Switch to DocumentRoot of your Magento install:
cd <path to Magento DocumentRoot>
Run the downloaded patch:
A successful update will return the following message:
Checking if patch can be applied/reverted successfully... Patch was applied/reverted successfully.
Please clear your caches after patching.