Magento Forum

Are vulnerabilities fixed in 1.8.0.0 present in 1.7.0.2? 
 
alla333
Jr. Member
 
Total Posts:  1
Joined:  2013-07-22
 

Hi there,

Release notes for 1.8.0.0 Alpha mention a security fix for a remote code execution vulnerability. Is the vulnerability present in 1.7.0.2, which is the latest stable release?

Regards,
Alla

 
 
insom
Jr. Member
 
Total Posts:  1
Joined:  2013-09-25
 

Hi,

People on this thread:

http://www.reddit.com/r/Magento/comments/1n4vha/magento_remote_code_execution_in_17/

Reckon it’s a cookie deserialization issue. I’ve put a patch together here which is equivalent to the changes in 1.8 for *this specific issue*.

https://gist.github.com/insom/6712120

Aaron

 