The patch package SUPEE-5994 and SUPEE-6285 addresses a range of issues, including scenarios where attackers can gain access to customer information.
Not having these security patches installed on your Magento store can lead to personal or client information theft or security gaps including cross-site scripting (XSS), cross-site request forgery (CSRF), and error path disclosure vulnerabilities.
Here are all vulnerabilities your store is exposed to:
- Customer Information Leak via RSS and Privilege Escalation;
- Request Forgery in Magento Connect Leads to Code Execution;
- Cross-site Scripting in Wishlist;
- Cross-site Scripting in Cart;
- Store Path Disclosure;
- Permissions on Log Files too Broad;
- Cross-site Scripting in Admin;
- Cross-site Scripting in Orders RSS;
- Customer Address Leak through Checkout;
- Customer Information Leak through Recurring Profile;
- Local File Path Disclosure Using Media Cache;
- Modifications or export of information using Formula Injection;
- Cross-site Scripting Using Authorize.Net Direct Post Module;
- Overwrite of System Files on Server.
Purchase “ Security Patch Package SUPEE-5994 and SUPEE-6285” services and we’ll provide the necessary support!
We’ll contact you as soon as we receive the confirmation of your purchase to begin the installation of the security patches.
Ratings and Review