Magento SUPEE-8788 Security Patch

Released on October 11, 2016, SUPEE-8788 is the latest security patch for both the Enterprise and Community editions of the Magento platform. SUPEE-8788, Enterprise Edition 1.14.3 and Community Edition 1.9.3 address a range of security threats, including problems involving the Zend Framework, payment methods and session duration. To better understand what SUPEE-8788 can shield you from, review the following issues addressed by the latest Magento upgrade.

  • Remote Code Execution (RCE). With a severity level of 9.8, the risk of remote code execution can be a significant threat to your Magento system. This problem can allow attackers to inject malicious code during the customer checkout process. In addition, the risks of not upgrading to the most recent security patch include compromise of the import and export operations in earlier versions of Magento, which can result in code execution by a malicious user with privileged admin access.
  • Cross-Site Scripting (XSS). With a severity rating of 6.1, instances of cross-site scripting can pose a medium-level threat to your Magento system. Possible problems include allowing attackers to build a category that contains malicious JavaScript code in the form name, which can then be carried into additional portions of the Admin panel, including URL reconfigurations.
  • SQL Injection/Improper validation. With a severity rating of 9.1, SQL injection and incorrect validation can pose a critical threat to your system. An issue in how the Zend Framework processes values gives malicious users the opportunity to inject SQL via the ordering or grouping parameters. Although no susceptible front-end entry points that would permit a full SQL injection have been detected, entry points have been detected in the Magento Admin panel, which means that other similar pathways are present as well.
  • Denial of Service. With a severity rating of 5.3, denial of service issues have the potential to pose a medium-level threat to your Magento system. Issues include allowing a malicious user to upload an image specifically crafted to cause script failure, which results in a reduction of service. This threat can affect Magento stores that permit users to upload images through various customized selections.
  • Information Leaking. With a severity rating of 7.7, information leaking issues pose a high threat to your system. This problem allows any intruder who has obtained access to CMS functions with admin privileges to use those privileges to utilize blocks in cached reports. The exposed data may include personal information regarding merchant settings, encryption, and system details regarding connection information. This may also give attackers the opportunity to inject malicious code in an attempt to compromise your system.
  • Cache Poisoning. With a severity rating of 6.5, the risk of cache poisoning can pose a medium threat to your Magento system. Without the most recent security upgrades, it is possible for attackers to manipulate an extension to place harmful and unauthorized pages under the standard page URL inputs. This problem can affect the Magento Enterprise Edition.

Installation Options:

Security patches and updates are now available for owners of several Magento editions. Consider the following installation selections to determine the proper version for you and your Magento system.

  • For owners of the Enterprise Edition 1.9.0.0-1.14.2.4, either install SUPEE-8788 or upgrade to Enterprise Edition 1.14.3
  • For owners of the Community Edition 1.5.0.1-1.9.2.4, either install SUPEE-8788 or upgrade to Community Edition 1.9.3
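The version ranges above can be checked across many stores at once. The following is an added example, not code from Forix or Magento: it classifies each install by edition and version, and the host names, function names and verdict strings are assumptions made for illustration.

```python
# Added example (not from the article or Magento): triage a Magento 1.x
# inventory against the version ranges listed under "Installation Options".
import re

# (first affected, last affected, fixed release), as listed in the article.
RANGES = {
    "enterprise": ("1.9.0.0", "1.14.2.4", "1.14.3"),
    "community": ("1.5.0.1", "1.9.2.4", "1.9.3"),
}


def parse_version(text):
    """Parse '1.14.2.4' into (1, 14, 2, 4), zero-padding short versions."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        raise ValueError(f"unrecognised Magento 1.x version: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def triage(edition, version):
    """Classify one install. Comparison is numeric per component, because
    a plain string compare would sort '1.14.2.4' before '1.9.0.0'."""
    key = edition.strip().lower()
    if key not in RANGES:
        raise ValueError(f"unknown edition: {edition!r}")
    first, last, fixed = (parse_version(v) for v in RANGES[key])
    current = parse_version(version)
    if first <= current <= last:
        return "install SUPEE-8788 or upgrade to " + RANGES[key][2]
    if current >= fixed:
        # Assumption: releases after the fixed one keep the fix.
        return "at or above fixed release"
    return "outside the ranges listed"


def triage_inventory(rows):
    """rows: iterable of (host, edition, version) -> {host: verdict}."""
    return {host: triage(edition, version) for host, edition, version in rows}


if __name__ == "__main__":
    # Constructed sample inventory; host names are hypothetical.
    sample = [
        ("shop-a.example", "Enterprise", "1.14.2.4"),
        ("shop-b.example", "Community", "1.9.3"),
        ("shop-c.example", "Community", "1.4.2.0"),
    ]
    for host, verdict in triage_inventory(sample).items():
        print(f"{host}: {verdict}")
```

Applying a SUPEE patch does not change the reported version number, so a store flagged here may already be patched and should be confirmed separately.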

Overall, the benefits associated with SUPEE-8788 are numerous, offering a range of advancements including improved security and protection from potentially dangerous threats to your Magento system. Forix highly recommends that all Magento users install and implement the latest upgrade.

Get SUPEE-8788 Security Patch for Magento Systems Installed Today

The professionals at Forix can help upgrade your Magento system and ensure that your installation process goes as smoothly as possible. If you have any questions or concerns about the SUPEE-8788 update, consider allowing the Magento experts at Forix to provide the assistance you need to protect your system from potential threats.