27th July 2018 was a big day for merchants running their e-commerce stores on Magento 1 versions, as the platform announced the release of the SUPEE-10752 security patch. This patch brings fixes for 8+ critical security flaws and issues, encompassing remote code execution, information leak vulnerabilities, cross-site scripting, and more. Installing it is strongly recommended for merchants who want their e-commerce stores to stay on top in terms of performance as well as security. Before you go ahead, here are a few things that you need to know about SUPEE-10752.
It addresses multiple issues
SUPEE-10752 addresses multiple flaws and vulnerability issues, including the following:
- Authenticated Remote Code Execution using custom layout XML (APPSEC-2001)
- Authenticated SQL Injection while saving a category (APPSEC-2007)
- Authenticated Remote Code Execution through the Create New Order feature (for Commerce only) (APPSEC-2015)
- PHP Object Injection and Remote Code Execution in the Admin panel (For Commerce) (APPSEC-2029)
- The cron.php file can leak database credentials (APPSEC-1882)
- Cross Site Request Forgery is possible against Websites, Stores, and Store Views (APPSEC-2027)
- Stored cross-site scripting (XSS) through Enterprise Logging extension (APPSEC-2006)
- Cross-Site Scripting (XSS) through Remote File Inclusion (APPSEC-2004)
These are just a few of the vulnerabilities that this patch takes care of. There are several more security enhancements that it offers for your e-commerce store.
There are some challenges related to its installation
The patch comes by default in the package if you upgrade to Magento 220.127.116.11 (Open Source) and Magento 18.104.22.168 (Commerce) versions. On the other hand, it has to be installed for the versions beyond Magento Open Source 22.214.171.124 and Magento Commerce 126.96.36.199. Installing the SUPEE-10752 security patch can be challenging compared to other patches. Conflicts are likely to arise if the first version of the previous patch, SUPEE-10570v1, has been installed. The best solution lies in removing SUPEE-10570v1 and installing SUPEE-10570v2 before going ahead with the installation of SUPEE-10752.
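A pre-flight check for the ordering described above, as an added example that is not Magento's or this article's own code: it reads the store's patch log and reports whether SUPEE-10570v1 is still applied before SUPEE-10752 goes on. The log location (app/etc/applied.patches.list) and the pipe-separated record layout are assumptions, and the sample records are constructed.

```shell
#!/bin/sh
# Added example: pre-flight check before applying SUPEE-10752.
# Assumption: each applied/reverted patch is one pipe-separated record,
#   date | patch name | edition | patch version | ... [| REVERTED]

supee_preflight() {
    # $1 = path to the patch log (assumed: app/etc/applied.patches.list)
    [ -r "$1" ] || { echo "no-patch-log"; return 2; }
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF >= 4 {
            name = trim($2); ver = trim($4)
            # Later records win, so apply -> revert -> apply resolves correctly.
            state = ($0 ~ /REVERTED/) ? 0 : 1
            if (name ~ /^SUPEE-10570/) applied["10570" ver] = state
            if (name ~ /^SUPEE-10752/) applied["10752"] = state
        }
        END {
            if (applied["10752"])        print "already-applied"
            else if (applied["10570v1"]) print "conflict-10570v1"
            else                         print "ready"
        }
    ' "$1"
}

# Constructed sample records (edition, dates and hashes are placeholders).
write_sample() {
    # $1 = output file, $2 = scenario: v1 | swapped
    {
        echo "2018-03-01 10:00:00 UTC | SUPEE-10570 | CE_X | v1 | PLACEHOLDER_HASH"
        if [ "$2" = "swapped" ]; then
            echo "2018-08-01 09:00:00 UTC | SUPEE-10570 | CE_X | v1 | PLACEHOLDER_HASH | REVERTED"
            echo "2018-08-01 09:05:00 UTC | SUPEE-10570 | CE_X | v2 | PLACEHOLDER_HASH"
        fi
    } > "$1"
}

demo=$(mktemp)
write_sample "$demo" v1;      echo "v1 still applied: $(supee_preflight "$demo")"
write_sample "$demo" swapped; echo "after v1 -> v2:   $(supee_preflight "$demo")"
rm -f "$demo"
```

A result of `conflict-10570v1` means the v1 patch should be removed and v2 installed first; `ready` means the log shows no v1 record still in effect.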
It is best to seek the assistance of expert professionals
If your online store runs on any of the aforementioned versions, installation of the security patch is recommended sooner rather than later. Moreover, it is best to use the services of professional Magento developers who are capable of dealing with the complexities of the installation process. They can handle glitches in the working of the extensions and also look after any other problems that may come up while installing the patch. Having an expert developer to assist you with the task reduces the stress and makes the entire process smooth sailing.
Considering the multiple vulnerabilities that SUPEE-10752 is capable of addressing, you should opt for installation as soon as you can. If you are looking for a professional Magento development company for the job, OrangeMantra is a name that you can trust. We have a team of seasoned Magento developers who hold expertise in the platform and render a complete range of services that are needed to create, maintain, and run a Magento store flawlessly.