We’d like to make you aware of an important new patch that addresses a potential security issue in Magento software. This issue allows an attacker to remotely execute code on Magento software using a specially crafted request. This issue affects almost all versions of Magento Enterprise Edition and Magento Community Edition.
It is highly recommend to upgrade your shop to the latest Magento version and apply the latest security patch released by Magento as soon as possible.
Recommended actions:
- Check for unknown files in the web server document root directory. If you find any, you may be impacted
- Download the patch (SUPEE-5344) from the Magento Support Portal. Different versions of the patch are available for Magento Enterprise Edition 1.11.x through 1.14.1.
- If you use Magento Community Edition, you can download patches for versions 1.6.x though 1.9.1 from the Magento Community Edition.
- Implement and test the patch in a development environment first to confirm that it works as expected before deploying it to a production site.
If you don`t know how to make this changes, we recommend you contact the experts. Our Magento development team will quickly update the necessary patches.
If the security of your store is important for you - write to us.