Magento web e-commerce critical RCE (remote code execution) vulnerability .

A patch to address the flaws was released on February 9, 2015 (SUPEE-5344 available here). Store owners and administrators are urged to apply the patch immediately if they haven’t done so already.

RECOMMENDED ACTIONS:

1. Check for unknown files in the web server document root directory. If you find any, you may be impacted.

2. Download and implement 2 patches from the Magento Community Edition download page.

• SUPEE-5344 – Addresses a potential remote code execution exploit (Added Feb 9, 2015)
• SUPEE-1533 – Addresses two potential remote code execution exploits (Added Oct 3, 2014)

3. Implement and test the patches in a development environment first to confirm that they work as expected before deploying them to your production site.

Note: Different versions of the patch are available for Magento Community Edition 1.4.x through 1.9.x.

HOW TO DOWNLOAD?

You can access Magento’s Community Edition download page from here. Find “Magento Community Edition Patches” section and download the right security patch.