The Magento Remote Code Execution Vulnerability

Earlier this week, a remote code execution vulnerability against Magento, the eBay-owned free and paid eCommerce platform, was released. Security researchers chained together multiple smaller vulnerabilities to ultimately run arbitrary code on the server Magento is hosted on.

The Impact Of The Vulnerability

As you can imagine, being able to run any code you want on an eCommerce site is bad. Customer and credit card data, prices and inventory, all become controllable with this exploit “chain.”

After responsible disclosure of the vulnerability this week, attacks on Magento sites ramped up. The attackers exploited the vulnerability to inject code that adds surreptitious admin users, and likely leaving other backdoors for future access.

If you run a Magento site:

Update Magento as soon as possible.

A patch for the vulnerability was released in February – SUPEE-5344 – and the patch and instructions are available from the Magento website and byte.nl, respectively. Back up your database and website files before patching.

If you don’t have a web application firewall, consider getting one.

WAFs block attacks and stop them from accessing your site to begin with. For SiteLock customers who had the TrueShield WAF configured, attempted exploits of even unpatched Magento sites were blocked. For websites that have already been exploited via the Magento vulnerabilities, TrueShield stops backdoor access so the bad guys can’t get back in.

Scan your Magento site files to ensure all issues are patched.

The SiteLock SMART scanner analyzes the source code of sites themselves, and often finds the payload, or results, of an exploit before it’s released.

For more information on how SiteLock can help secure your site, visit www.sitelock.com.