This security patch addresses Zend framework and payment vulnerabilities, ensure sessions are invalidated after a user logs out, and make several other security enhancements.
Some issues which are fixed with this patch:
- Fixed vulnerability which allowed executing random commands on checkout so a hacker could get an access to control your store
- Fixed SQL vulnerabilities which allowed a hacker to erase all the data in the store
- Prevented ability to get an access to some admin sections closed to users with limited access
- Some other minor security issues were fixed.
As you can see, it’s very important to get your Magento 1 store patched as soon as possible but I’m glad to report, all stores hosted by FinestShops are already patched and you did not even have to call or send a ticket about this (few clients I talked today did not even know about this major patch being released). It’s nice to have important things done for you isn’t it? 🙂
You can find more details about this patch here: https://magento.com/security/patches/supee-8788
and if you have any questions or want your store to be scanned for any missing patches, please call us at 1(800)675-0162 or email to support@finestshops.com
