Magento Security Patch PRODSECBUG-2198 & SUPEE 11086

Blog

Connect, Educate, Learn, Collaborate...

03Apr
2019

Magento Releases New Security Patches for SQL Injection Vulnerability

When it comes to an Ecommerce store, the first and the foremost concern that comes to our mind the Security. Owing to this, the latest Magento Commerce and Open Source versions – 2.3.1, 2.2.8 and 2.1.17 have multiple security enhancements. They help close Cross-Site Scripting (XSS), Remote Code Execution (RCE) and other vulnerabilities.

Also, the Merchants who have not downloaded or upgraded to Magento 2 must go straight to Magento Open Source 2.3.1 or Magento Commerce 2.3.1.

However, a vital security concern that needs immediate attention of Ecommerce merchants is a SQL injection vulnerability, identified in pre-2.3.1 Magento code. You must install patch PRODSECBUG-2198 to quickly protect your online store from this vulnerability.

But we recommend that you must upgrade to Magento Open Source or Commerce 2.3.1 or 2.2.8 to protect against this as well as other vulnerabilities. Install these full patches immediately.

The security patch for Magento Open Source 1.9.4.1 and Commerce 1.14.4.1, SUPEE-11086 also contain security enhancements to close RCE, XSS, cross-site request forgery (CSRF) and various other vulnerabilities.

The patches and upgrades are available for these Magento versions:

Magento Commerce 1.9.0.0-1.14.4.0: Install SUPEE-11086 or upgrade to Magento Commerce 1.14.4.1.

Magento Open Source 1.5.0.0-1.9.4.0: Install SUPEE-11086 or upgrade to Magento Open Source 1.9.4.1.

You can get more details about the download sources for SUPEE-11086 and PRODSECBUG-2198 from Magento.com.

The SQL Injection vulnerability can lead to major security threats to your store including the extraction of card data by hackers. Install the security patches or upgrade your Magento store by contacting a trusted Magento development service provider like ioVista and get your Ecommerce business safeguarded from any kind of threats and vulnerabilities.

Mike Patel
Mike Patel

Archive