Magento Releases New Security Patches for SQL Injection Vulnerability

03 Apr 2019
Mike Patel

For an Ecommerce store, security is the first and foremost concern. Accordingly, the latest Magento Commerce and Open Source versions (2.3.1, 2.2.8 and 2.1.17) include multiple security enhancements. They help close Cross-Site Scripting (XSS), Remote Code Execution (RCE) and other vulnerabilities.

Also, merchants who have not yet downloaded or upgraded to Magento 2 must go straight to Magento Open Source 2.3.1 or Magento Commerce 2.3.1.

However, a vital security concern that needs the immediate attention of Ecommerce merchants is a SQL injection vulnerability identified in pre-2.3.1 Magento code. You must install patch PRODSECBUG-2198 to quickly protect your online store from this vulnerability.

However, we recommend that you upgrade to Magento Open Source or Commerce 2.3.1 or 2.2.8 to protect against this as well as other vulnerabilities. Install these full patches immediately.

The security patch for Magento Open Source and Commerce, SUPEE-11086, also contains security enhancements to close RCE, XSS, cross-site request forgery (CSRF) and various other vulnerabilities.

The patches and upgrades are available for these Magento versions:

Magento Commerce: Install SUPEE-11086 or upgrade to Magento Commerce

Magento Open Source: Install SUPEE-11086 or upgrade to Magento Open Source

You can get more details about the download sources for SUPEE-11086 and PRODSECBUG-2198 from

The SQL injection vulnerability can lead to major security threats to your store, including the extraction of card data by hackers. Install the security patches or upgrade your Magento store by contacting a trusted Magento development service provider like ioVista, and safeguard your Ecommerce business from threats and vulnerabilities of any kind.


Mike Patel is a digital marketing enthusiast, innovator and President of a leading Digital and E-commerce Development Agency in Dallas, Texas. Mike holds a BS, Computer Science degree from Wayne State University and is a key player in the E-commerce development and digital marketing industry since 2004. The scope of technology in his extensive experience of more than 15 years ranges from Magento, Shopify, BigCommerce SEO (Search Engine Optimization), PPC (Pay Per Click) management, E-commerce SEO, Google Shopping Ads and more.
