Critical vulnerability in Magento: Many Swiss websites are still vulnerable

Published on 2015-04-30 12:55:00 UTC by GovCERT.ch (permalink)
Last updated on 2015-05-01 09:39:53 UTC

In February 2015, Magento (a popular eCommerce software for webshops) released a security patch addressing a critical vulnerability in its product. The vulnerability allows an attacker to send a special prepared HTTP request to any website running a vulnerable version of Magento in order to execute malicious code on the remote webserver (a so called Remote Code Execution RCE vulnerability). More than two months later, MELANI / GovCERT.ch still sees a fairly big amount of websites in Switzerland running an old, vulnerable version of Magento, exposing themselves and its visitors to cyber-attacks from the internet. Hackers can (ab)use the vulnerability to e.g. place malicious code on the victims website to infect its visitors with malware (Drive-By exploits). MELANI / GovCERT.ch is currently aware of more than 1'100 websites hosted in Swiss IP address space or within Swiss name space (ccTLD .ch) which are still running a vulnerable version of Magento - some of them are popular webshops and well known in Switzerland.

Today, GovCERT.ch has sent out notifications to the responsible web hosting providers in Switzerland, informing them about websites hosted in their IP space running a vulnerable version of Magento and asking them to notify the associated website owners about the vulnerability.

We urge webmasters running Magento to ensure that they are using the latest version of Magento (SUPEE-5344). You can check if your website is vulnerable using the Magento Shoplift Bug Tester:

Should you are using an older version of Magento, we highly recommend you to update to the latest version of Magento as soon as possible. The latest version of Magento can be found on the vendors website:

Further information about the RCE vulnerability in Magento can be found here:

Share on Twitter Share on Facebook

Back to top