Remote Code Execution: A Serious Security Threat For Magento Stores!


A Remote Code Execution (RCE) vulnerability poses a serious security threat to Magento-based stores. Hackers can take control of an entire Magento store through this vulnerability. They can access:

  • Customers’ personal information
  • Financial information
  • Credit card details

It also allows attackers to add PHP code of their choice to the server. Is that OK for the hundreds and thousands of Magento store owners? It surely is not. The vulnerabilities causing RCE are found in the core code of Magento and affect the default settings of the Magento Enterprise and Magento Community Editions.

Arbitrary code added to the web server by hackers lets them evade security measures and access the store’s sensitive information, whether it concerns the customers or the store owner. This increases the chances of credit card theft.

Recognizing the vulnerability, Magento released a patch, SUPEE-5344, in February 2015 to deal with the issue. Two months later, the RCE vulnerability is still present in 50% of Magento stores. The worst aspect is that all of these are ecommerce websites, so it is a serious threat to their businesses and customers.

The Magento platform serves almost 30% of the total ecommerce market, so the RCE vulnerability can affect the overall ecommerce industry.

All online store owners need to apply the patch released by Magento to secure their shops and keep their customers’ trust. Otherwise, it is not just the Magento platform that suffers; the trust of all online buyers would be shaken.

It has been found that online criminals are stealing ecommerce data from online stores and sending it to attacker-controlled sites set up for that purpose. So, all Magento-based store owners should use the latest version of the software to stay protected from security breaches.

Magento, owned by eBay, runs more than 200,000 websites; all are vulnerable to RCE unless they install the latest released patch. According to analysts, attackers are using IP addresses based in Russia to access Magento applications that are not using the patch. They first take hold of the administrator area by creating a fake user, then use that foothold to take complete control of the site.

The exploit code contains an SQL injection that places a fake admin user into the website’s database. The most common usernames used by the exploit are vpwq and defaultmanager. If either name appears in your system’s database, be sure the store has been attacked.
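
A check for this indicator, as an added example rather than code from Magento or from the original article: it lists admin accounts and flags the two usernames named above, plus any account missing from an approved list the store owner maintains. The `admin_user` table and its column names are assumptions about the store's schema, and the rows are constructed sample data.

```python
import sqlite3

# Usernames the article names as most commonly planted by the exploit.
KNOWN_ROGUE = {"vpwq", "defaultmanager"}

# Assumption: admin accounts live in a table named admin_user with
# username and created columns; adjust to the store's actual schema.
AUDIT_SQL = "SELECT username, created FROM admin_user ORDER BY created"


def audit_admin_users(conn, approved):
    """Return (severity, username, created) for each suspicious admin account.

    approved is the store owner's own list of legitimate admin usernames.
    A known exploit username is reported even if someone added it to that list.
    """
    approved = {name.strip().lower() for name in approved}
    findings = []
    for username, created in conn.execute(AUDIT_SQL):
        name = username.strip().lower()  # compare case-insensitively
        if name in KNOWN_ROGUE:
            findings.append(("compromised", username, created))
        elif name not in approved:
            findings.append(("unapproved", username, created))
    return findings


def build_sample_db():
    """Constructed sample rows standing in for a store's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin_user (username TEXT, created TEXT)")
    conn.executemany(
        "INSERT INTO admin_user VALUES (?, ?)",
        [
            ("alice", "2013-06-01 09:00:00"),
            ("vpwq", "2015-04-20 03:12:44"),
            ("DefaultManager", "2015-04-20 03:12:45"),
            ("backup_admin", "2015-04-21 11:30:00"),
        ],
    )
    return conn


if __name__ == "__main__":
    for severity, user, created in audit_admin_users(build_sample_db(), {"alice"}):
        print(f"{severity:<12} {user:<16} created {created}")
```

An account flagged as unapproved deserves review because the two names above are only the most common ones the exploit uses.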

Are you protected from hackers’ attacks on your Magento store? Have you installed the patch? If not, do it right now! It is not just for your store’s safety, but also for the whole ecommerce world.