Description
Check Point researchers discovered a critical RCE (remote code execution) vulnerability in the Magento web e-commerce platform that can lead to the complete compromise of any Magento-based store, including credit card information as well as other financial and personal data.
Remediation
A patch to address the flaws was released on February 9, 2015 (SUPEE-5344). Install this patch or upgrade to the latest version of Magento.