Magento eCommerce PHP Remote Code Execution

Check Point researchers recently discovered a critical RCE (remote code execution) vulnerability in Magento on February 9th, 2015. The patch for the remote code execution vulnerability is available on the Magento site: Magento Downloads, patch SUPEE-5344. More technical information is available from Check Point.

This patch changes the following files for Community Edition:

app/code/core/Mage/Admin/Model/Observer.php
app/code/core/Mage/Core/Controller/Request/Http.php
app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/AuthorizeController.php
app/code/core/Mage/XmlConnect/Model/Observer.php
lib/Varien/Db/Adapter/Pdo/Mysql.php

Before applying […]