Magento Exploits on the Rise?

Posted on

  • email
  • twitter
  • facebook
  • share this

share this


A rather serious exploit/bug emerged in the Magento eCommerce platform recently and it is causing some concern for Internet sellers who use the incredibly popular platform.

The problem is that, while the bug was patched somewhat quickly, there might be additional problems that could put online merchants further at risk. Sucuri, a security research firm, found the bug and noted that said bug could be used to bring in JavaScript code in customer registration forms that could later be used against said customers.


 SUBSCRIBE to Website Magazine & Accelerate 'Net Success


The XSS bug was found in every version of Magento Community Edition before 1.9.2.3, and in the Enterprise Edition before 1.14.2.3. The exploited portion was found in the administrator’s backend, which made for a potentially serious problem. Unless behind a Web application firewall (WAF), or otherwise operating a really customized environment that might have surpassed the problem it might essentially open up administrator privileges to any hacker.

If Magento users install the newly developed patch, that should be the end of the problem, at least for this particular iteration. Magento exploits seem to be on the rise so it would be wise for online retailers using the platform, as well as developers and IT working in and around that environment to keep close tabs on emerging threats. 

Login To Comment


Become a Member

Not already a part of our community? Sign up to participate in the discussion. It's free and quick.

Sign Up

1 comment

Showbox 02-10-2016 12:10 AM

Modern organizations that use Magento, also need other subsystems to perform tasks that Magento is not programmed/not intended. For example, for the accounting reporting of organizations using accounting systems such as Quickbooks, POS systems such as Microsoft RMS, iVend, Lightspeed Retail to real shops ERP (SAP Business One, OpenERP, MS Dynamics NAV). For order processing, accounting and full business cycle management also uses the system implementation, tax management system, such as Avalara, Exactor, and so on. For data flows and better management of information in organizations is often used Plugins/Extensions, which connect the ERP system with Magento eCommerce sites.

Add to the discussion!

999 E Touhy Ave
Des Plaines, IL 60018

Toll Free: 1.800.817.1518
International: 1.773.628.2779
Fax: 1.773.272.0920
Email: info@websitemagazine.com

Facebook


Twitter