Magento SQL Injection Critical Vulnerability, Fix Your Website Now

October 1, 2022

Magento is not as popular as WordPress in the blog segment (news sites, personal blogs), but for large e-commerce websites Magento is number 1. It has been a long time since Magento had a security hole as big as this one: the Magento SQL Injection.

If your business runs an online e-commerce website on the Magento platform, you must read this article or send it to your IT team immediately.

Magento has released (March 28, 2019) a new version of its content management software to address a total of 37 newly discovered security vulnerabilities.

Owned by Adobe since mid-2018, Magento is one of the most popular content management system (CMS) platforms, powering 28% of websites on the Internet, with over 250,000 companies using the open source e-commerce platform.

Although most of the reported issues can only be exploited by authenticated users, one of the most serious vulnerabilities in Magento is a SQL Injection vulnerability that can be exploited by unauthenticated remote attackers.

The vulnerability has no CVE ID but is internally labeled "PRODSECBUG-2198". It could allow remote hackers to steal sensitive information from the databases of vulnerable e-commerce websites, including an admin session or a "password hash" that could give hackers access to the admin console.

Affected Magento versions include:

  • Magento Open Source before
  • Magento Commerce before
  • Magento Commerce 2.1 before 2.1.17
  • Magento Commerce 2.2 before 2.2.8
  • Magento Commerce 2.3 before 2.3.1
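
A check for the 2.x branches in the list above, added here as an example (not code from Magento or from the original article). It assumes a Composer-based install where the Commerce metapackage `magento/product-enterprise-edition` is recorded in `composer.lock`; the sample lock content is constructed.

```python
import json
import re

# Patched releases per 2.x branch, taken from the affected-versions list above.
FIXED = {(2, 1): (2, 1, 17), (2, 2): (2, 2, 8), (2, 3): (2, 3, 1)}

# Composer metapackage for Magento Commerce (assumption: a standard
# Composer-based install; other install methods need a different lookup).
COMMERCE_PKG = "magento/product-enterprise-edition"

def parse_version(text):
    """Return (major, minor, patch) from strings like '2.2.7' or 'v2.3.0-p1'."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())

def status(version_text):
    """Classify a Magento Commerce 2.x version against the list above."""
    version = parse_version(version_text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "not-listed"  # branch absent from the list: check the vendor advisory
    # Tuple comparison is numeric, so 2.1.9 sorts before 2.1.17 (a string
    # comparison would get this wrong).
    return "affected" if version < fixed else "patched"

def check_lock(lock_text):
    """Find the Commerce metapackage in composer.lock content and classify it."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []):
        if pkg.get("name") == COMMERCE_PKG:
            return pkg["version"], status(pkg["version"])
    return None, "not-found"

# Constructed sample composer.lock fragment (not from a real site).
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "monolog/monolog", "version": "1.24.0"},
    {"name": COMMERCE_PKG, "version": "2.2.7"},
]})

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
    for v in ("2.1.9", "2.1.17", "2.3.0", "2.3.1", "2.4.0"):
        print(v, status(v))
```

On a real host, pass the contents of the site's own `composer.lock` to `check_lock` instead of `SAMPLE_LOCK`.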

Since Magento websites store not only user information but also customer order history and financial information, this vulnerability could lead to catastrophic online attacks targeting bank cards.

Magento SQL Injection

Due to the sensitive nature of the data that Magento e-commerce websites handle on a daily basis, as well as the risk that the SQL vulnerability presents, the Magento developers have decided not to disclose the technical details of the vulnerability.

Besides the SQLi vulnerability, Magento has also patched cross-site request forgery (CSRF), cross-site scripting (XSS), remote code execution (RCE) and other bugs, but exploiting the majority of those vulnerabilities requires attackers to be authenticated on the website with some level of privilege.

Online website owners are encouraged to upgrade their e-commerce sites to the recently patched versions as soon as possible, before hackers start exploiting the vulnerability to compromise websites and steal customer payment card information.

According to thehackernews