Content management software provider Magento has released a string of updates to fix multiple security holes in its platform. These updates come after the platform was targeted in a number of attacks since February.
One critical flaw that was addressed with the updates is a SQL-injection bug that could allow attackers to execute malicious codes, and obtain sensitive information from databases used by Magento-based sites.
The big picture
Databases at risk
Since SQL injections corrupt databases, Magento users are advised to update to the latest versions as soon as possible.
“Unauthenticated attacks, like the one seen in this particular SQL Injection vulnerability, are very serious because they can be automated — making it easy for hackers to mount successful, widespread attacks against vulnerable websites,” Sucuri stated in its blog.