Magento recently identified potential exploits that:

- Enable an attacker to execute arbitrary code on your Magento server.
- Create files with a .csv extension, create writable directories, and change the permissions of existing files to world-writable (777).

The following table shows the patch you should get for your version of CE or EE:

| VERSION | PATCH |
|---|---|
| EE 1.13 and 1.14, CE 1.8 and 1.9 | SUPEE-1533_EE_1.13.x_v1.patch |
| EE 1.12, CE 1.7 | SUPEE-1533_EE_1.12.x_v1.patch |
| EE 1.11, CE 1.6 | SUPEE-1533_EE_1.11.x_v1.patch |
| EE 1.10.1, CE 1.5.1 | SUPEE-1533_EE_1.10.1.x_v1.patch |
| EE 1.10.0.1, CE 1.5.0.1 | SUPEE-1533_EE_1.10.0.x_v1.patch |
| EE 1.9 | SUPEE-1533_EE_1.9.x_v1.patch |

Here is some information about patch installation on the official Magento website:

How to apply a patch on Magento Community Edition?
How to apply a patch on Magento Enterprise Edition?

Finally, here is the official post about the exploit and how to patch it:

Resolving a Remote Code Execution Exploit
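
The file-system effects listed at the top of this post (new .csv files, world-writable directories and files) can be checked for on disk after patching. The script below is an added example, not part of the original post or of Magento's patch; the function names, output labels and the 30-day default window are assumptions.

```shell
#!/bin/sh
# Added example, not Magento's code: report the file-system side effects
# this post lists. Names, labels and the 30-day default are assumptions.

# Print one tagged line per finding under Magento root $1.
# $2 = how many days back a .csv change counts as "recent" (default 30).
audit_magento_tree() {
    root=$1
    days=${2:-30}
    # Directories and files writable by "other"; mode 777 matches this.
    find "$root" -type d -perm -0002 2>/dev/null | sort | sed 's/^/WORLD_WRITABLE_DIR /'
    find "$root" -type f -perm -0002 2>/dev/null | sort | sed 's/^/WORLD_WRITABLE_FILE /'
    # Magento 1 ships translation CSVs (app/locale), so only recently
    # modified .csv files are reported.
    find "$root" -type f -name '*.csv' -mtime "-$days" 2>/dev/null | sort | sed 's/^/RECENT_CSV /'
}

# Constructed sample tree for a dry run; prints its path.
build_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/app/locale/en_US" "$t/media/tmp" "$t/var"
    echo '"Add to Cart","Add to Cart"' > "$t/app/locale/en_US/Mage_Catalog.csv"
    echo 'x' > "$t/media/tmp/dropped.csv"
    echo '<?php' > "$t/index.php"
    chmod 755 "$t" "$t/app" "$t/app/locale" "$t/app/locale/en_US" "$t/media" "$t/var"
    chmod 644 "$t/app/locale/en_US/Mage_Catalog.csv" "$t/media/tmp/dropped.csv"
    chmod 777 "$t/media/tmp" "$t/index.php"
    # Age the shipped translation file so it falls outside the window.
    touch -t 201001010000 "$t/app/locale/en_US/Mage_Catalog.csv"
    echo "$t"
}

# Usage: sh audit.sh /path/to/magento [days]
if [ "$#" -gt 0 ]; then
    audit_magento_tree "$@"
fi
```

Each reported path is a lead to review against your own deployment's expected permissions and files, not proof of compromise on its own.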