Magento security flaw exposed – have you fixed it?
If you run a Magento driven webstore or ecommerce site it’s time to make sure that you’re running a protected version of the system because a significant security flaw has be revealed. And if you don’t run the site personally, it’s a good idea to get in touch with your supplier to make sure you’re sorted. They may well have been in touch already.
Apparently both versions 1 and 2 of Magento are affected and the problem can be exploited just by registering with a ‘spiked’ username or email address. That means there can be vulnerability from an automated hack attack. The risks means that a Magento store can effectively be hijacked meaning user data like passwords and payment details could be at risk.
Here are the two security updates you need to familiarise yourself with:
Were you aware of these problems and have you been affected? Hopefully not.