Decription: Magento SUPEE-5994 patch is a bundle of eight patches that resolve several security-related issues.
You can find more details on the vulnerabilties address by this patch below:
- Admin Path Disclosure - APPSEC-977
- Customer Address Leak through Checkout - APPSEC-945
- Customer Information Leak through Recurring Profile - APPSEC-926
- Local File Path Disclosure Using Media Cache - APPSEC-965
- Cross-site Scripting (XSS) Using Magento Downloader - APPSEC-979
- Spreadsheet Formula Injection - APPSEC-978
- Cross-site Scripting Using Authorize.Net Direct Post Module - APPSEC-907
- Malicious Package Can Overwrite System Files - APPSEC-535
Affected versions: Magento CE prior to 184.108.40.206, and Magento EE prior to 220.127.116.11
Recommended action: Download and apply patch.
Test the website on https://www.magereport.com/