Skip to Main Content

Magento Exploits on the Rise?

Posted on 2.03.2016

A rather serious exploit/bug emerged in the Magento eCommerce platform recently and it is causing some concern for Internet sellers who use the incredibly popular platform.

The problem is that, while the bug was patched somewhat quickly, there might be additional problems that could put online merchants further at risk. Sucuri, a security research firm, found the bug and noted that said bug could be used to bring in JavaScript code in customer registration forms that could later be used against said customers.


 SUBSCRIBE to Website Magazine & Accelerate 'Net Success


The XSS bug was found in every version of Magento Community Edition before 1.9.2.3, and in the Enterprise Edition before 1.14.2.3. The exploited portion was found in the administrator’s backend, which made for a potentially serious problem. Unless behind a Web application firewall (WAF), or otherwise operating a really customized environment that might have surpassed the problem it might essentially open up administrator privileges to any hacker.

If Magento users install the newly developed patch, that should be the end of the problem, at least for this particular iteration. Magento exploits seem to be on the rise so it would be wise for online retailers using the platform, as well as developers and IT working in and around that environment to keep close tabs on emerging threats. 

Leave Your Comment

Login to Comment

Become a Member

Not already a part of our community?
Sign up to participate in the discussion. It's free and quick.

Sign Up

 

Leave a comment
    Load more comments
    New code
  • Your Guide to 2017 Sales Tax Changes

    2017 Sales Tax Changes