Critical Magento SQL Patch Released
On March 26, 2019, the Magento Commerce Team at Adobe released a major security update to patch thirty-seven new vulnerabilities, which include an SQL injection flaw. What makes this flaw dangerous is that unauthenticated remote hackers are able to exploit it to run queries on your site’s database to steal sensitive information or setup administrative access to your site.
How do I know if my site is affected?
If your site is running a version of Magento prior to the following, your site is affected:
- Magento Open Source prior to 184.108.40.206
- Magento Commerce prior to 220.127.116.11
- Magento Commerce 2.1 prior to 2.1.17
- Magento Commerce 2.2 prior to 2.2.8
- Magento Commerce 2.3 prior to 2.3.1
You can easily check the version of Magento on your site by logging into the Magento Admin Backend and looking at the very bottom of the page. It will be located in the center of the footer.
How can I patch this vulnerability?
You or your developer can upgrade to a version of Magento which is patched against the flaw mentioned above. Patching instructions differ depending on if you are on Magento 2 or Magento 1. We highly recommend creating a backup of your site in its current working state before applying the patch. That way, if a problem arises during the upgrade, you can go back to the working state, fix the problem, and try to patch again. You can find more information about backing up your site at this blog post.
Magento 2 Patch: https://devdocs.magento.com/guides/v2.3/comp-mgr/bk-compman-upgrade-guide.html
Magento 1 Patch: https://devdocs.magento.com/guides/m1x/install/installing_upgrade_details.html
If you have any questions regarding this update, feel free to contact our 24/7 Support Team.