
[Reminder & Advice] Important security vulnerability

April 24, 2020

Dear Magento merchants already on Magento 2.1.0 – 2.3.0, Innobyte would like to make you aware of an important security vulnerability in the Magento platform that may impact your customers and that you need to address immediately.

 


Type: SQL Injection vulnerability through an unauthenticated user


 

The vulnerability is an unauthenticated SQL injection: an unauthenticated user can execute arbitrary code through the SQL injection, which leads to leakage of sensitive data. Because your customers may be at risk, protect your store from this vulnerability immediately. Read more about the vulnerability here.

We strongly recommend installing the patch PRODSECBUG-2198. To download it, go to https://magento.com/tech-resources/download#download2288. There are no confirmed reports of attacks related to this vulnerability, but it is important that you deploy the patch to protect your store.

This patch protects against the SQL injection vulnerability described under PRODSECBUG-2198 here. Without this security patch installed, an attacker can remotely access your clients’ database.

If you need assistance, please contact us at [email protected].

 


Author Mariana Roman

Hi, I’m Mariana, Marketing & PR specialist at Innobyte. I believe in the power of words, in modern-day heroes, and in the beauty of simple things.
