A vulnerability in the Magento platform

Check Point, the largest provider of Internet security solutions, announced that its malware and vulnerability research team has detected a critical remote code execution (RCE) flaw in the e-commerce platform Magento (eBay group), which is used by nearly 200,000 online stores.

By exploiting the vulnerability, attackers can execute PHP code, which lets them intercept administrator access data. With system-level access, they can take control of databases and steal credit card data as well as users' personal information.

- As online purchases are systematically replacing sales in stationary stores, e-commerce sites will be increasingly subject to attacks due to the high value of information on credit cards - says Shahar Tal, head of the team for research on vulnerabilities at Check Point Software Technologies.
- Being vulnerable to hacker attacks is a threat not for one store but for all brands that use the Magento platform to serve their online stores. In total, Magento customers constitute about 30% of the entire e-commerce market.

Before the information was released, Check Point informed eBay about the vulnerabilities found, along with a list of proposed fixes. The patch that removes the threat was released on February 9, 2015 (SUPEE-5344). Shop owners and administrators have been asked to apply the patch immediately.

Check Point customers are protected against exploitation of the vulnerabilities by the IPS software blades. For more information, visit the blog: http://blog.checkpoint.com/

source: Check Point


