Magento remote code execution

Description

Check Point researchers discovered a critical RCE (remote code execution) vulnerability in the Magento web e-commerce platform that can lead to the complete compromise of any Magento-based store, including credit card information as well as other financial and personal data.

Remediation

A patch to address the flaws was released on February 9, 2015 (SUPEE-5344). Install this patch or upgrade to the latest version of Magento.

References