Magento 1 & 2 critical SQL injection flaw

by Sansec Support

Published in Guides

In March 2019, a critical SQL injection flaw was discovered in Magento 1 and 2. This allows attackers to read and write to your database. A common attack pattern is that your admin passwords are stolen.

To fix this, install these Magento-supplied patches:

Magento 1
Magento 2

Installed these patches and eComscan still reports this issue? In some cases, the old (vulnerable) code is cached and still active. You should flush all caches. See also this Stackoverflow question.

It is also possible that you have a duplicate of the (older) Magento code located under your hosting account. In that case, it is recommended to purge the older version.

What is Magecart?

Also known as digital skimming, this crime has surged since 2015. Criminals steal card data during online shopping. Who are behind these notorious hacks, how does it work, and how have Magecart attacks evolved over time?

About Magecart

Need expert advice? We are here to help!

Contact

Magento 1 & 2 critical SQL injection flaw

What is Magecart?

Made with ❤

Stay up to date with the latest eCommerce attacks

experts in eCommerce security

Terms & Conditions
|
Privacy & Cookie Policy
|
Company Reg 77165187
|
Tax NL860920306B01

Magento 1 & 2 critical SQL injection flaw

What is Magecart?

Made with ❤

Stay up to date with the latest eCommerce attacks

experts in eCommerce security

Terms & Conditions|Privacy & Cookie Policy|Company Reg 77165187|Tax NL860920306B01

Terms & Conditions
|
Privacy & Cookie Policy
|
Company Reg 77165187
|
Tax NL860920306B01