SUPEE-8788 Magento Patch – The Rundown

By Paul Doherty

Magento is here again to keep your ecommerce solution safe! The latest SUPEE patch ‘8788’ secures you against Zend Framework and payment vulnerabilities, adds extra security measures to the import/export functionality, ensures sessions are invalidated after a user logs out, and more.

Vulnerability Descriptions:

With some payment methods, it could be possible to execute malicious code during checkout.

A bug in Zend Framework value escaping could allow a user to inject SQL through the ordering or grouping parameters.

It is possible to use the Magento Enterprise Edition invitations feature to insert malicious JavaScript that might be executed in the admin context.

A user with administrator permissions can use blocks to exfiltrate information stored in cache and possibly execute code.

It has been found to be possible to log in as an existing customer with only an email address.

The import/export functionality in Magento unserializes data supplied from the Admin dashboard without proper checks. This can lead to possible malicious code execution.

In Magento Enterprise, it may be possible to manipulate the full page cache to store incorrect pages under regular page URL entries.

A Magento function related to URL processing incorrectly uses user-supplied data from request headers. This can result in a cross-site scripting issue.

If a user has admin-level access to catalog management, it is possible to create a category that contains malicious JavaScript code.

A user can upload a modified image that could lead to a script timeout.

Implementing filters for XSS in email templates and other Admin features might not be sufficient to stop specially crafted exploit strings.

Improper form key validation leads to possible CSRF attacks on forms.

A phishing page could be created that, if visited by a customer, may remove the customer’s address or wishlist items.

Sessions do not expire after logout; session cookies are therefore vulnerable.

Lack of certificate validation on calls to external services opens these calls up to possible attacks. To carry this out, the attack would have to be highly complex.

Theoretically, it could be possible to execute a timing attack on the password checking functionality.

 

Severity Level:

The severity of the vulnerabilities in this patch ranges from Low to Critical. If you are running one of the affected Magento versions, it is extremely important that this SUPEE patch is installed.

Product(s) Affected:

Enterprise Edition 1.9.0.0-1.14.2.4 and Community Edition 1.5.0.1-1.9.2.4.

 

Official Magento SUPEE-8788 Resource.
