Supee-6788 – A Critical Security Patch Magento Update to Install Immediately

  • author-img Nidhi Arora
  • 6 years
  • 176 views
Install Magento SUPEE - 6788

The next big release of Magento “Supee-6788” has just come to the attention of Magento community. Supee-6788 is Magento’s next most powerful security patch as it is a bundle of patches & helps in resolving several security-related issues. It may possibly require many extensions/customizations changes and as a result will affect your Magento store. Thus, it seems to be different one from other Magento security patches released before and will surely make some waves in the Magento community.

So, you should first make sure that you have installed all previous security patches before proceeding with Supee-6788 installation, which further ensures about its proper installation. The followings are some security related issues addressed by Supee-6788:

  • Error Reporting in Setup Exposes Configuration – APPSEC-1102
  • Filter Directives Can Allow Access to Protected Data – APPSEC-1057
  • XXE/XEE attack on Zend XML functionality using multi-byte payloads
  • Potential SQL Injection in Magento Core Model Based Classes – APPSEC-1063
  • Potential remote code execution using Cron – APPSEC-1037
  • Remote Code Execution/Information Leak Using File Custom Option – APPSEC-1079
  • Cross site scripting with error messages – APPSEC-1039
  • Potential remote code execution using error reports and downloadable products – APPSEC-1032
  • Admin Path Disclosure – APPSEC-1034
  • Insufficient Protection of Password Reset Process – APPSEC-1027
  • Dev Folder Not Protected – APPSEC-1124
  • Cross-site Scripting/Cache Poisoning – APPSEC-1030

Therefore, if you really don’t want that your customers see any above mentioned issues at your store or find your store to break on the front-end or exposing their any protected information, just remember to update your Magento store by installing Supee-6788 immediately.

Credits: http://magento.com/security/patches/supee-6788

Download Blog

ENQUIRY

Ready to Get started

Communication is the key for us to understand each other. Allow us to understand
your requirements or queries. Present us with an opportunity to serve you.

Fill out the form and out team will get back to you
within 24 hours

    Head Office

    1250 Pittsford Victor Road Ste 310
    Pittsford, NY 14534

    Development Center

    Plot no. 10, Rajiv Gandhi
    Chandigarh Technology Park