Magento is a popular E-commerce stack built on top of PHP. Though many times there are vulnerabilities in the Magento Code base that has caused hackers to be able to take control of your servers. But this time, the issue is slightly different and more serious.
Read on to know more about vulnerability and how you can defend yourself.
How vulnerable is Magento?
Magento is based on the PHP programming language. The vulnerability currently found is related to a bug at the PHP level. There is nothing that Magento or Magento developers could do to circumvent this situation. Fortunately PHP has immediately released patched versions that we can install.
First, check the PHP version you are using. If you have ssh access, you could do that with
php -v
if you have FTP access, you can the following code and hit it from your browser.
<?php echo 'Current PHP version: ' . phpversion(); ?>
It should be one of the following (look at the last number, which is more important in every one of the series of 7.3, 7.2 or 7.1).
- 7.3.9
- 7.2.22
- 7.1.32
If you see any less version, then your PHP is outdated and needs to be updated.
Currently, there is no simple way to install these versions. If you are interested in getting notified drop an email to support@expertrec.com with the subject “PHP vulnerability – <your PHP version>_<Magento version>_<host operating system>”. Once we have a solution for each of the popular combinations, we will publish and notify you.
Keep your servers safe!
Wordpress users, check out this article.
Latest PHP vulnerability opens up your wordpress site to hacker attacks
More details here-
Critical PHP vulnerability [Sept 2019] : What it is and fixes
