Magento is a popular e-commerce stack built on top of PHP. Vulnerabilities in the Magento code base have often allowed hackers to take control of servers. This time, however, the issue is slightly different and more serious.

Read on to learn more about the vulnerability and how you can defend yourself.


Magento is based on the PHP programming language. The vulnerability currently found is a bug at the PHP level. There is nothing that Magento or Magento developers could do to circumvent this situation. Fortunately, PHP immediately released patched versions, which we can install.

First, check the PHP version you are using. If you have SSH access, you can do that with:

php -v

If you have FTP access, you can upload the following code and hit it from your browser.

 

It should be one of the following (look at the last number; it is the more important one in each of the 7.3, 7.2 and 7.1 series).

  1. 7.3.9
  2. 7.2.22
  3. 7.1.32

If you see a lower version, your PHP is outdated and needs to be updated.
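The comparison above can be scripted. The following is an added example, not code from the original post: a shell function that takes a version string such as the one `php -v` reports and checks its last number against the three patched releases listed above. The function names and the sample version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a PHP version with the patched releases this page
# lists (7.3.9, 7.2.22, 7.1.32). Function names are illustrative.

# Print the lowest patched "last number" for a series; nothing if unlisted.
min_patch_for_series() {
    case "$1" in
        7.3) echo 9 ;;
        7.2) echo 22 ;;
        7.1) echo 32 ;;
    esac
}

# Print one of: patched, outdated, unlisted, unparseable.
classify_php_version() {
    # Keep only MAJOR.MINOR.PATCH; distro builds append suffixes after it.
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    if [ -z "$ver" ]; then echo unparseable; return 0; fi
    series=${ver%.*}   # e.g. 7.2
    patch=${ver##*.}   # e.g. 19
    min=$(min_patch_for_series "$series")
    if [ -z "$min" ]; then
        echo unlisted      # series not covered by the list on this page
    elif [ "$patch" -ge "$min" ]; then
        echo patched
    else
        echo outdated
    fi
}

# Constructed sample versions, so the script runs without PHP installed.
for v in 7.3.9 7.2.19 7.1.31-0+deb.example 7.3.10; do
    echo "$v: $(classify_php_version "$v")"
done

# If PHP is on this host, classify the version actually running.
if command -v php >/dev/null 2>&1; then
    running=$(php -r 'echo PHP_VERSION;' 2>/dev/null) || running=""
    echo "this host ($running): $(classify_php_version "$running")"
fi
```

The command-line `php` binary can be a different build from the one the web server runs, so check both where they are installed separately.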

Currently, there is no simple way to install these versions. If you are interested in getting notified, drop an email to support@expertrec.com with the subject “PHP vulnerability – <your PHP version>_<Magento version>_<host operating system>”. Once we have a solution for each of the popular combinations, we will publish it and notify you.

Keep your servers safe!

WordPress users, check out this article.

Latest PHP vulnerability opens up your wordpress site to hacker attacks

More details here:

Critical PHP vulnerability [Sept 2019] : What it is and fixes