A critical SQL injection vulnerability has been discovered in Magento e-commerce, and it affects all versions of Magento. Magento released a number of critical patches to fix the issue on the 26th March 2019, and these should be applied urgently to ensure that your Magento store is safe from attack.
Hackers publicly released code that exploits a critical vulnerability in Magento. The SQL injection issue can be adapted to plant payment card skimmers on Magento sites without the need for authentication. This would allow hackers to potentially gain access to admin accounts and possibly plant backdoors. The easiest way to protect yourself against this is to make sure you have the latest security patch installed.
PRODSECBUG-2198 is among the three dozen security bugs Magento developers have fixed. This affects the following versions of Magento:
- Magento Commerce < 220.127.116.11
- Magento Open Source < 18.104.22.168
- Magento < 2.1.17
- Magento < 2.2.8
- Magento < 2.3.1
We recommend that our clients find time to get in touch so we can help ensure your Magento site security is up to date. You can also run the Magento Security Scanning Tool to check your site’s security status. At magic42, we take security seriously. Speak to one of our Magento Solution Specialists if you have any concerns about your website’s security.