
Magento 1 & 2 critical SQL injection flaw


by Team Sansec

Published in Guides

In March 2019, a critical SQL injection flaw was discovered in Magento 1 and 2. The flaw allows attackers to read from and write to your database. A common attack pattern is the theft of admin passwords.

To fix this, install these Magento-supplied patches:

Have you installed these patches, but eComscan still reports this issue? In some cases, the old (vulnerable) code is cached and still active. You should flush all caches. See also this Stack Overflow question.

It is also possible that you have a duplicate of the (older) Magento code located under your hosting account. In that case, it is recommended to purge the older version.
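One way to locate such duplicate code trees under a hosting account, as an added example (not code from Sansec or Magento). It assumes a Magento 1 tree is marked by `app/Mage.php` and a Magento 2 tree by a `composer.json` that requires a `magento/product-*-edition` package; the function names are hypothetical.

```python
import json
import os
import re
import sys
from pathlib import Path

# Assumed markers: app/Mage.php marks a Magento 1 tree; a composer.json that
# requires magento/product-*-edition (or is named magento/magento2*) marks Magento 2.
M1_FIELD = re.compile(r"'(major|minor|revision|patch)'\s*=>\s*'(\d+)'")
M2_PACKAGE = re.compile(r"magento/product-(community|enterprise)-edition")
SKIP_DIRS = {"vendor", "node_modules", ".git"}  # dependencies, not separate installs

def magento1_version(mage_php):
    """Read the fields returned by Mage::getVersionInfo() in app/Mage.php."""
    fields = dict(M1_FIELD.findall(mage_php.read_text(errors="replace")))
    parts = [fields.get(k) for k in ("major", "minor", "revision", "patch")]
    return ".".join(parts) if all(parts) else "unknown"

def magento2_version(composer_json):
    """Return the Magento 2 version constraint, or None if this is not Magento 2."""
    try:
        data = json.loads(composer_json.read_text(errors="replace"))
    except (OSError, ValueError):
        return None
    if not isinstance(data, dict) or not isinstance(data.get("require", {}), dict):
        return None
    for package, constraint in data.get("require", {}).items():
        if M2_PACKAGE.fullmatch(package):
            return str(constraint)
    if str(data.get("name", "")).startswith("magento/magento2"):
        return str(data.get("version", "unknown"))
    return None

def find_magento_trees(account_root):
    """Walk a hosting account; return sorted (path, generation, version) tuples."""
    found = []
    for dirpath, dirnames, filenames in os.walk(account_root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        here = Path(dirpath)
        if (here / "app" / "Mage.php").is_file():
            found.append((str(here), "1", magento1_version(here / "app" / "Mage.php")))
        elif "composer.json" in filenames:
            version = magento2_version(here / "composer.json")
            if version:
                found.append((str(here), "2", version))
    return sorted(found)

if __name__ == "__main__":
    for path, gen, version in find_magento_trees(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"Magento {gen}  {version:<12} {path}")
```

Any tree listed besides the live store is a candidate for the purge described above; the script only reports and deletes nothing.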
