Phone : +91 9582 90 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Magento fixes critical SQL vulnerability with latest security updates

Magento fixes critical SQL vulnerability with latest security updates

  • The e-commerce platform released patches for both Magento Commerce and Magento Open Source variants.
  • The SQL flaw found in versions 2.3.1 and earlier could allow attackers to steal sensitive information from databases connected to Magento-based sites.

Content management software provider Magento has released a string of updates to fix multiple security holes in its platform. These updates come after the platform was targeted in a number of attacks since February.

One critical flaw that was addressed with the updates is a SQL-injection bug that could allow attackers to execute malicious codes, and obtain sensitive information from databases used by Magento-based sites.

The big picture

  • The new versions 2.3.1, 2.2.8 and 2.1.17 fix the security vulnerabilities discovered in both Magento Commerce as well as Magento Open Source.
  • In the advisory published by Magento, online sites using versions below Magento 2 are advised to move to Magento Commerce & Open Source.
  • The SQL-injection bug, designated as ‘PRODSECBUG-2198’ by Magento, could allow an unauthenticated user to run malicious arbitrary code and subsequently steal sensitive data. As of now, no technical details are available for this bug.
  • Other bugs that were patched include remote code execution, cross-site scripting, privilege escalation, cross-site request forgery, and information disclosure flaws.

Databases at risk

Since SQL injections corrupt databases, Magento users are advised to update to the latest versions as soon as possible.

“Unauthenticated attacks, like the one seen in this particular SQL Injection vulnerability, are very serious because they can be automated — making it easy for hackers to mount successful, widespread attacks against vulnerable websites,” Sucuri stated in its blog.

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 9582 90 7788 | Support Number : +91-9654016484
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket