It has come to our attention at 121ecommerce that a new group of vulnerabilities has been discovered in several Magento products. In essence, hackers can use SQL injection methods to break into and take over the Magento admin.
SUPEE-7405 fixes these high-risk to critical security issues. According to Magento’s security release, this patch is actually a bundle of patches for Magento 1.x stores.
This critical Cross-site Scripting vulnerability is reported to be a leak during customer registration on the storefront. Through this leak, a hacker can steal an administrator session or act on behalf of a store administrator.
Any store on a Magento CE platform earlier than 220.127.116.11 and Magento EE earlier than 18.104.22.168 is affected. Later Magento versions are not at risk.
Any store on a Magento CE platform earlier than 22.214.171.124 and Magento EE earlier than 126.96.36.199, as well as Magento 2 CE & EE earlier than 2.0.1, is affected. Later Magento versions are not at risk.
Above we detailed the Critical Severity issues that this SUPEE-7405 Magento security patch fixes. Below is a list of the High Severity issues fixed by the patch:
An additional 10 medium-risk vulnerabilities and 4 low-risk vulnerabilities were fixed in this SUPEE-7405 Magento security patch.
You can scan your site to see if it is vulnerable by checking your website URL on this site: https://www.magereport.com/
Have questions? Concerns about the security of your Magento site? Contact us to ascertain the safety of your website.