Critical security vulnerability in the shop software Magento – Update SUPEE-5344 is highly recommended

Research by the security company Check Point revealed a critical security issue in the shop software Magento.

Hackers who exploit this vulnerability can execute malware, manipulate data, or gather private information.

According to our sources, all versions of the Community Edition (CE) from version 1.4.0.0 up to version 1.9.X are affected.

Currently, this security vulnerability can only be fixed by applying a patch. The security patch with the ID "SUPEE-5344" is available for download on the Magento website.

We will update all 1&1 Safe Mode installations as soon as possible.

We strongly recommend that all other Magento users patch their installation immediately.

Applying the Patch (SSH-Method)

Download the patch (SUPEE-5344) that matches your Magento install.

Copy the patch file (for this example we will use: PATCH_SUPEE-5344_CE_1.8.0.0_v1-2015-02-10-08-10-38.sh) via FTP / SSH to the DocumentRoot of your Magento install:

Info: Establish an SSH Connection from a PC (1&1 Help-Center)

scp <local folder>/PATCH_SUPEE-5344_CE_1.8.0.0_v1-2015-02-10-08-10-38.sh <username>@<magentodomain>:<path to Magento DocumentRoot>/

Log in via SSH:

ssh <username>@<magentodomain>

Switch to the DocumentRoot of your Magento install:

cd <path to Magento DocumentRoot>

Run the downloaded patch:

sh PATCH_SUPEE-5344_CE_1.8.0.0_v1-2015-02-10-08-10-38.sh

A successful update will return the following message:

Checking if patch can be applied/reverted successfully...
Patch was applied/reverted successfully.

Please clear your caches after patching.
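
The steps above as one script, added here as an example and not taken from the article or from Magento's patch: it runs the patch, checks for the success message, confirms in app/etc/applied.patches.list that the patch is recorded as applied rather than reverted, and clears var/cache. The list file's line format, the function names and the var/cache location are assumptions.

```sh
#!/bin/sh
# Added example, not the patch script's or the article's own code.
# Assumption: the patch script logs each run as a " | "-separated line in
# app/etc/applied.patches.list and marks a revert with the word REVERTED.

# Print applied / reverted / missing for patch ID $2 in Magento root $1.
patch_status() {
    list="$1/app/etc/applied.patches.list"
    [ -f "$list" ] || { echo missing; return 0; }
    # The most recent line naming the patch decides its current state.
    last=$(grep -F -- "| $2 |" "$list" | tail -n 1)
    case "$last" in
        "")         echo missing ;;
        *REVERTED*) echo reverted ;;
        *)          echo applied ;;
    esac
}

# Run patch file $2 inside Magento root $1, then verify patch ID $3.
apply_and_verify() {
    root=$1; patch=$2; id=$3
    log=$(mktemp) || return 1
    (cd "$root" && sh "$patch") >"$log" 2>&1
    # The success line is the same for apply and revert, so it is only
    # the first check; the list file says which of the two happened.
    if ! grep -qF "Patch was applied/reverted successfully." "$log"; then
        cat "$log" >&2; rm -f "$log"; return 1
    fi
    rm -f "$log"
    state=$(patch_status "$root" "$id")
    [ "$state" = applied ] || { echo "$id is $state" >&2; return 1; }
    # Default file cache location (assumption: no Redis/memcached backend).
    rm -rf "${root:?}/var/cache/"*
    echo "$id applied, var/cache cleared"
}

# Dry run of patch_status on a constructed list file (sample values).
demo() {
    d=$(mktemp -d) && mkdir -p "$d/app/etc" || return 1
    printf '%s\n' '2015-04-20 10:00:00 UTC | SUPEE-5344 | CE_1.8.0.0 | v1' \
        >"$d/app/etc/applied.patches.list"
    patch_status "$d" SUPEE-5344
    rm -rf "$d"
}
demo   # prints: applied
```

On the server, call it as apply_and_verify <path to Magento DocumentRoot> PATCH_SUPEE-5344_CE_1.8.0.0_v1-2015-02-10-08-10-38.sh SUPEE-5344 after copying the patch file into the DocumentRoot.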

2 thoughts on “Critical security vulnerability in the shop software Magento – Update SUPEE-5344 is highly recommended”

  1. Willem says:

    After patching, you should verify that all your caches are cleared. Test your vulnerability status at https://shoplift.byte.nl

    1. Philipp Bellmann says:

      Thanks Willem, updated the article.
