Magento Vulnerability - Action needed Sep 2019

Magento Vulnerability – Action needed Sep 2019

Rate this article

Share this article

Magento is a popular E-commerce stack built on top of PHP.  Though many times there are vulnerabilities in the Magento Code base that has caused hackers to be able to take control of your servers.  But this time, the issue is slightly different and more serious.

Read on to know more about vulnerability and how you can defend yourself.

magento vulnerability

How vulnerable is Magento?

Magento is based on the PHP programming language.  The vulnerability currently found is related to a bug at the PHP level.  There is nothing that Magento or Magento developers could do to circumvent this situation.  Fortunately PHP has immediately released patched versions that we can install.

First, check the PHP version you are using.   If you have ssh access, you could do that with

php -v

if you have FTP access, you can the following code and hit it from your browser.

echo 'Current PHP version: ' . phpversion();


It should be one of the following (look at the last number, which is more important in every one of the series of 7.3, 7.2 or 7.1).

  1. 7.3.9
  2. 7.2.22
  3. 7.1.32

If you see any less version, then your PHP is outdated and needs to be updated.

Currently, there is no simple way to install these versions.  If you are interested in getting notified drop an email to with the subject “PHP vulnerability – <your PHP version>_<Magento version>_<host operating system>”.  Once we have a solution for each of the popular combinations, we will publish and notify you.

Keep your servers safe!

Add a Search Bar to Magento

Wordpress users, check out this article.

Latest PHP vulnerability opens up your wordpress site to hacker attacks

More details here-

Critical PHP vulnerability [Sept 2019] : What it is and fixes

Are you showing the right products, to the right shoppers, at the right time? Contact us to know more.
You may also like