Magento 2.1 prior to 2.1.14, Magento Open Source prior to 1.9.3.9, and Magento Commerce prior to 1.14.3.9 PHP Object Injection and RCE in the Magento 2 EE admin panel (Enterprise Target Rule module) Magento 2.1 prior to 2.1.14, Magento 2.2 prior to 2.2.5ĪPPSEC-2042: PHP Object Injection and RCE in the Magento 2 EE admin panel (Commerce Target Rule module) Magento Open Source 2.2.5 and 2.1.14 (Developers contributing to the Open Source code base)ĪPPSEC-2014: Authenticated Remote Code Execution (RCE) through the Magento admin panel (swatches module)Īn administrator user can achieve remote code execution by exploiting a vulnerability in the swatches module.ĪPPSEC-2054: Remote Code Execution (RCE) via product importĪn administrator user with access to product import can add arbitrary code to the server. Magento Open Source 2.2.5 and 2.1.14 (Composer upgrades) Magento Open Source 2.2.5 and 2.1.14 (New composer installations) Magento Open Source Download Page > Download Tab Magento Open Source 2.2.5 and 2.1.14 (New. My Account > Downloads > Magento Commerce 2.X > Magento Commerce 2.x Release > Version 2.1.14 My Account > Downloads > Magento Commerce 2.X > Magento Commerce 2.x Release > Version 2.2.5
Magento Commerce 2.2.5 and 2.1.14 (Composer upgrades) Magento Commerce 2.2.5 and 2.1.14 (New composer installations) Partner Portal > Downloads > Magento Commerce 2.X > Magento Commerce 2.x Release > Version 2.1.14 Partner Portal > Downloads > Magento Commerce 2.X > Magento Commerce 2.x Release > Version 2.2.5 To download the releases, choose from the following options:
MAGENTO PHP 5.2 HOW TO
Please refer to Security Best Practices for additional information how to secure your site. Merchants who have not previously downloaded a Magento 2 release should go straight to Magento Commerce or Open Source 2.2.5. Magento Commerce and Open Source 2.2.5 and 2.1.14 contain multiple security enhancements that help close authenticated Admin user remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities.
0 kommentar(er)
