Magento has released a new security patch, SUPEE-6788. It is available for all versions and comes built into Magento 1.9.2.2 CE and 1.14.2.2 EE. The patch is meant to prevent websites from being targeted by the GURUINCSITE malware (Neutrino exploit kit). This virus badly affected sites by injecting malicious scripts which create iframes from this site. These scripts are injected into the design/footer/absolute_footer entry of the core_config_data table. The bug was detected in the Magmi Magento extension, an add-on that helps with mass product import into a Magento e-commerce store.
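A defensive check for the injection point described above, as an added example that is not part of the original post or of Magento's code: it reads the design/footer/absolute_footer rows of core_config_data and flags script or iframe markup for review. The in-memory SQLite table stands in for the store's MySQL database, and the rows, host names and the `audit_footer` and `demo_db` helpers are constructed for illustration.

```python
import re
import sqlite3
from urllib.parse import urlparse

FOOTER_PATH = "design/footer/absolute_footer"  # injection point named above
# Opening <script>/<iframe> tag, plus its body when a closing tag is present.
TAG_RE = re.compile(r"<(script|iframe)\b([^>]*)>(?:(.*?)</\1\s*>)?", re.I | re.S)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)

def audit_footer(conn, trusted_hosts, path=FOOTER_PATH):
    """Return (config_id, scope, scope_id, reason) for markup needing review."""
    findings = []
    rows = conn.execute(
        "SELECT config_id, scope, scope_id, value FROM core_config_data "
        "WHERE path = ? ORDER BY config_id", (path,))
    for config_id, scope, scope_id, value in rows:
        for tag, attrs, body in TAG_RE.findall(value or ""):
            tag = tag.lower()
            src = SRC_RE.search(attrs)
            host = urlparse(src.group(1)).hostname if src else None
            if host and host not in trusted_hosts:
                reason = "external %s src: %s" % (tag, host)
            elif tag == "script" and "iframe" in body.lower():
                reason = "inline script that builds an iframe"
            else:
                continue  # same-site or relative src, no iframe creation
            findings.append((config_id, scope, scope_id, reason))
    return findings

def demo_db():
    """Constructed sample rows; SQLite stands in for the store's MySQL."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE core_config_data (config_id INTEGER PRIMARY KEY,"
                 " scope TEXT, scope_id INTEGER, path TEXT, value TEXT)")
    conn.executemany(
        "INSERT INTO core_config_data (scope, scope_id, path, value)"
        " VALUES (?, ?, ?, ?)", [
            ("default", 0, FOOTER_PATH,
             '<script src="//cdn.shop.example/track.js"></script>'),
            ("stores", 1, FOOTER_PATH,
             "<script>var f=document.createElement('iframe');"
             "f.src='//injected.invalid/x';</script>"),
            ("websites", 2, FOOTER_PATH,
             '<iframe src="http://injected.invalid/x" width="1"></iframe>'),
            ("default", 0, "web/secure/base_url", "https://shop.example/"),
        ])
    return conn

if __name__ == "__main__":
    for finding in audit_footer(demo_db(), {"shop.example", "cdn.shop.example"}):
        print(finding)
```

A flagged row is a prompt for manual review, since a store may legitimately keep its own script tags in this field; the trusted host set should list the store's own domains.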
The highlights of this security patch include:
- Admin routing changed – If a module has admin functionality that uses a custom router instead of the admin URL, it will need to be updated.
- SQL queries modified – The way SQL queries have to be written in Magento has also been changed.
Therefore, extensions that use SQL queries with the tilde sign, or that have admin functionality, need to be modified to keep working.
The CedCommerce team is working to update all its extensions for the new security patch within 24-48 hours, so that its clients face the least inconvenience and their sites are not hampered in any way.
After SUPEE-6788 has been installed successfully, it needs to be enabled in the Magento admin panel for the security fixes to apply. This can be done by navigating to System > Configuration > Advanced > Admin. Locate the “Security” tab and disable the “Admin routing compatibility mode for extensions” setting.
If this field is enabled, your site will keep working even when the extensions or add-ons it uses have not yet been updated for the security patch. Until the extensions are updated, this setting can therefore be left enabled to keep the site working, if and only if the extensions still to be updated contain just admin functionality and no SQL queries with the tilde sign.
We recommend updating your site for the new security patch only after you have the updated extensions, so that no risk is encountered.
To receive any kind of support related to our extensions regarding this security fix, please contact us via ticket using this URL https://support.cedcommerce.com/ or email us at support@cedcommerce.com. We’ll be happy to help you!!