Magento Security Patch SUPEE-10888

 

 

SUPEE-10888 is the newest security patch for Magento Commerce 1.14.3.10 and Open Source 1.9.3.10. Introduced on September 10, 2018, SUPEE-10888 provides multiple resolutions for various security vulnerabilities and performance issues detected within the earlier versions of the Magento platform.

 

The Magento Security Patch SUPEE-10888 is accessible for merchants using the following Magento editions:

 

  • Magento Commerce 1.9.0.0-1.14.3.10 merchants should download the SUPEE-10888 Security Patch or install Magento Commerce 1.14.3.10.

 

Magento ongoing support professionals recommend that Magento Open Source 1.5.0.0-1.9.3.10 merchants download the SUPEE-10888 Security Patch or go directly to install Magento Open Source 1.9.3.10.

 

The Magento managed support experts at top Magento agency Forix advise downloading and installing the SUPEE-10888 security patch for your Magento Commerce or Magento Open Source platform.

 

Security Resolutions

 

With the installation assistance of Magento ongoing support from top Magento developer Forix, you can obtain the benefits of all the following security protections that are embedded in the SUPEE-10888 security patch.

 

APPSEC-2061: Unconfirmed Information Breach Through Layout Injection

 

This security risks allows an administrator with limited authority to get days he or she does not have the permissions to access. This problem affected all Magento Open Source editions before 1.9.3.10, in addition to all Magento Commerce editions before 1.14.3.10.

 

APPSEC-1971: Reflective XSS Against Admin Grid Panel

 

As cross-site scripting security problem, this risk permits the employment of arbitrary JS on the admin sales grid with the use of URL restrictions.

 

APPSEC-1859: Reset Password URL Includes Consumer ID

 

This information security threat gives a hacker the chance to obtain a consumer’s ID in a customer’s reset password link for his or her account. After learning a customer’s ID, the hacker can move to breach the user’s account and access classified information.

 

APPSEC-2067: Admin to Admin Cross-Site Scripting in Custom Attribute Labels

 

This security hazard can enable an administrator with limited permissions to employ a cross-site scripting attack on another administrator account.

 

PPSEC-2060: Overwrite Mass Reviews

 

This issue can potentially allow large amounts of reviews, information, and data to be overwritten with the use of specific configurations.

 

APPSEC-1936: Customer Data Accessible Within the Database

 

This security risk can permit an attacker to utilize a brute force attack with the hope of configuring the global/secret/key, located in the platform’s app/local database. That is where an attacker can then obtain the files containing the consumer’s days and decrypt to acquire the Magento user’s password from the sales quote table.

 

Performance Advancements

 

Alongside the various types of security corrections, you can also access the perks of several performance advancements after installing the Magento security patch SUPEE-10888 with the aid of Magento ongoing support from top Magento agency Forix. A few of these performance enhancements include:

 

APPSEC-2002: Automated Email After a New Admin Account Is Made

 

This new feature assists admins in distinguishing new administrator accounts by sending an email alert whenever a new administrator account is established.

 

APPSEC-1730: Doesn’t Force HTTPS Usage

 

This solution assures that downloaders are only able to use HTTPS connections.

 

The Magento managed support team at Forix can help you install and test Magento security patch SUPEE-10888 in a development atmosphere first to ensure that is working effectively.