Magento remote code execution bug patches for pre-1.6 versions

Posted by Stefan

Over the last couple of days it has come to light that a potentially serious remote code execution bug has been discovered in Magento. To date not much information has been released on this, but you can learn more on Magento’s Twitter feed.

As one of the world’s biggest ecommerce brands, Magento is widely used as the platform for retail sites, in a range of newer and older versions. While Magento has released patches (SUPEE-5344) for versions 1.6 upwards on their site, there has been little information so far for Magento users running older versions, which is why we’ve come up with our own patches, available to download below if you’re running Magento versions 1.3, 1.4 or 1.5.

Important information

Our primary advice is to run the latest stable versions of all your web applications, including Magento, to keep your online security risks to a minimum. We also appreciate that many Magento users run older versions on their sites for a variety of reasons, which is why we wanted to release patches for Magento 1.3, 1.4 and 1.5 to keep you protected.
Our Magento patch downloads

Update: we’re pleased to add that the following patches are now referenced and linked to directly in the Magento Community Edition User Guide for versions prior to 1.4:

If you run Magento 1.3: Magento 1.3 SUPEE-5344 Remote Code Execution Patch
If you run Magento 1.4: Magento 1.4 SUPEE-5344 Remote Code Execution Patch
If you run Magento 1.5: Magento 1.5 SUPEE-5344 Remote Code Execution Patch

To apply a patch, navigate to your webspace root using ssh (in the case of Plesk this would be /var/www/vhosts/yourmagento.com/httpdocs/), then run:

    patch -p1 -i name.patch

We’ve tested these patches on installs of these three Magento versions. However, we would like to emphasise that downloading and using these patches is done at your own risk, so please make a backup of your site before you apply them. Although these patches are free to use by anyone with a Magento site, we can’t accept responsibility for any potential issues that could be caused by their incorrect use. We also strongly advise that you check the patch files and your Magento version before you apply these patches.

Please feel free to share this blog with anyone you think might benefit from these patches. If you have any questions, just leave a comment below and we’ll get back to you.
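
The advice above (back up first, check the patch against your install, then run patch -p1 from the web root) can be scripted so that nothing is changed unless a dry run succeeds. This is an added example, not code from Nublue or Magento; the function names patch_targets and safe_apply, the backup file name and the demo tree are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not Nublue's or Magento's code. Assumes patch and tar are
# installed and a unified diff whose paths carry one leading component (-p1).

# List the files a -p1 patch would modify, relative to the web root.
patch_targets() {
    sed -n -e '/^+++ \/dev\/null/d' \
        -e 's|^+++ [^/[:space:]]*/\([^[:space:]]*\).*|\1|p' "$1" | sort -u
}

# Dry-run the patch, back up the files it touches outside the web root, apply.
# Usage: safe_apply <webroot> <patchfile>; prints the backup path on success.
safe_apply() {
    local root pf backup
    root=$(cd "$1" && pwd) || return 2
    pf=$(cd "$(dirname "$2")" && pwd)/$(basename "$2")
    [ -f "$pf" ] || return 2
    # The archive goes beside the web root so it is not served by the web server.
    backup="$(dirname "$root")/pre-patch-$(date +%Y%m%d%H%M%S).tar.gz"
    (
        cd "$root" || exit 2
        # Refuse to change anything unless every hunk applies cleanly.
        # -N makes an already-applied patch fail instead of prompting.
        if ! patch -p1 -N --dry-run -i "$pf" >/dev/null 2>&1; then
            echo "patch does not apply cleanly; check the Magento version" >&2
            exit 1
        fi
        # Archive only files that already exist (a patch may create new ones).
        patch_targets "$pf" | while read -r f; do
            if [ -f "$f" ]; then echo "$f"; fi
        done | tar -czf "$backup" -T - || exit 3
        patch -p1 -i "$pf" >/dev/null || exit 4
    ) || return $?
    echo "$backup"
}

# Constructed demo: a throwaway tree and patch, run with "--demo".
if [ "${1:-}" = "--demo" ]; then
    t=$(mktemp -d); mkdir -p "$t/httpdocs/app"
    printf 'line one\nold check\nline three\n' > "$t/httpdocs/app/Example.php"
    printf '%s\n' '--- a/app/Example.php' '+++ b/app/Example.php' \
        '@@ -1,3 +1,3 @@' ' line one' '-old check' '+new check' \
        ' line three' > "$t/name.patch"
    patch_targets "$t/name.patch"
    safe_apply "$t/httpdocs" "$t/name.patch"
fi
```

Review the output of patch_targets before applying: it shows exactly which files under the web root the downloaded patch will modify.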