Magento SUPEE-6788 Patch Available

Description: SUPEE-6788 is a bundle of patches that resolve several security-related issues.

Fixed issues:

  • Error Reporting in Setup Exposes Configuration
  • Filter Directives Can Allow Access to Protected Data
  • XXE/XEE attack on Zend XML functionality using multibyte payloads
  • Potential SQL Injection in Magento Core Model Based Classes
  • Potential remote code execution using Cron
  • Remote Code Execution/Information Leak Using File Custom Option
  • Cross site scripting with error messages/CSRF/Session fixation
  • Potential remote code execution using error reports and downloadable products
  • Admin Path Disclosure
  • Insufficient Protection of Password Reset Process
  • Dev Folder Not Protected
  • Cross-site Scripting/Cache Poisoning

Affected versions: Magento CE prior to 1.9.2.2, and Magento EE prior to 1.14.2.2

Recommended action: Apply the patch

Origin URLs:
