Magento Security Patch Installation And Update: SUPEE-7405 & SUPEE-7616

September 24, 2018


Magento 1.9.2.3 is the new update for Magento 1 which includes Magento security patch bundle SUPEE-7405 and USPS patch SUPEE-7616.

We highly recommend that our readers and all Magenticians install the Magento security patches or upgrade their stores to the latest version. SUPEE-7405 resolves several security-related issues. The vulnerabilities addressed by this patch are listed below:

  • Stored XSS via the email address
  • Stored XSS in Order Comments
  • Stored XSS in Order
  • Guest order view protection code vulnerable to brute-force attack
  • CSRF token not validated on backend login page
  • Malicious files can be uploaded via backend
  • CSRF leading to the execution of admin actions after login
  • Excel Formula Injection via CSV/XML export
  • Editing or Deleting Reviews without permission
  • Disruption of email delivery
  • CAPTCHA Bypass
  • Reflected XSS in backend coupon entry
  • Injected code can be stored in the database

SUPEE-7616 includes several updates to the USPS API, covering services, rates, and package names. If your store runs a previous version of Magento, we highly recommend applying this patch as soon as possible. To install the Magento security patch, follow this easy guide and get your Magento store secured ASAP!

Apply Magento Security Patch

It is highly recommended that you first make a copy of your current store so that you are not making changes directly in the production environment. Only after you are convinced that everything is in order on your staging environment should you replicate the installation on your production environment.

However, if you are a Cloudways user, you can easily clone your Magento store to the staging using the clone application feature in the platform.

Downloading the Magento Security Patch

New security patches can be downloaded from the official downloads page of Magento Inc. Keep in mind that you should always download the Magento security patch that matches the version of your store.

Uploading the Magento Security Patch via FTP

Now, upload the downloaded Magento security patch file to the root directory of your Magento installation using an FTP client like FileZilla.

Setting Executable Permissions

After uploading the Magento security patch, you need to make the patch file executable. To do this, log into your server via an SSH terminal, navigate to the root directory of your Magento store and run the following command:

chmod +x PATCH_FILE_NAME.sh

Cloudways users can reset the permissions within the platform using the 1-click Reset Permission button in the Application tab.

Applying the Magento Security Patch

Finally, run the following command to apply the patch:

bash PATCH_FILE_NAME.sh

You will see something like this:

[Screenshot: Magento Security Patch Applied]

Verifying Magento Security Patch

After applying the Magento security patch, visit MageReport to verify that the patch has been applied and your Magento store is secured. If your patch was installed correctly, you should see the patch name with a green background color.
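
A local check to run on the server alongside the MageReport scan, as an added example that is not part of the original article. It assumes that Magento 1 patch scripts log each run to app/etc/applied.patches.list and that a reverted patch is logged with a line containing "REVERTED"; the sample log lines are constructed.

```sh
#!/bin/sh
# Added example, not from the article. ASSUMPTIONS: Magento 1 patch scripts log
# each run to app/etc/applied.patches.list, one "|"-separated line per run, and
# a revert run logs a line for the same patch ID that contains "REVERTED".

# patch_state ROOT PATCH_ID -> prints: applied | reverted | missing
patch_state() (
    list="$1/app/etc/applied.patches.list"
    [ -r "$list" ] || { echo missing; exit 0; }
    # Match the ID exactly (SUPEE-740 must not match SUPEE-7405); the newest
    # log line for that ID decides the state.
    last=$(grep -E "(^|[^0-9A-Za-z-])$2([^0-9]|\$)" "$list" | tail -n 1)
    case "$last" in
        "")         echo missing ;;
        *REVERTED*) echo reverted ;;
        *)          echo applied ;;
    esac
)

# check_patches ROOT ID... -> status 0 only if every listed ID is applied
check_patches() (
    root="$1"; shift; rc=0
    for id in "$@"; do
        state=$(patch_state "$root" "$id")
        printf '%-12s %s\n' "$id" "$state"
        [ "$state" = applied ] || rc=1
    done
    [ "$rc" -eq 0 ]
)

# make_sample_root -> path of a temp Magento root holding a CONSTRUCTED log
make_sample_root() (
    root=$(mktemp -d) || exit 1
    mkdir -p "$root/app/etc"
    cat > "$root/app/etc/applied.patches.list" <<'EOF'
2016-01-21 09:12:44 UTC | SUPEE-7405 | CE_SAMPLE | v1 | constructed-sample
2016-01-21 09:13:02 UTC | SUPEE-7616 | CE_SAMPLE | v1 | constructed-sample
2016-01-22 10:00:00 UTC | SUPEE-7616 | CE_SAMPLE | v1 | constructed-sample | REVERTED
EOF
    echo "$root"
)

# Usage: sh check_patches.sh /path/to/magento   (or --demo for the sample log)
case "${1:-}" in
    "")     echo "usage: $0 MAGENTO_ROOT | --demo" ;;
    --demo) check_patches "$(make_sample_root)" SUPEE-7405 SUPEE-7616 || true ;;
    *)      check_patches "$1" SUPEE-7405 SUPEE-7616 ;;
esac
```

A non-zero exit status means at least one of the two patches is missing or was reverted, so the script can gate a staging-to-production deployment step.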

Delete Magento Cache

After the verification process, navigate to the var directory of your Magento store and just clear the Magento cache using the following CLI command:

rm -rf cache/*

Conclusion

You have just upgraded your Magento store, and your store is now safe to operate. Keep your Magento store updated with the latest Magento security patch, keep enjoying seamless Magento Cloud Hosting on Cloudways, and reap the benefits of improved sales from your ecommerce store.


Fayyaz Khattak

Fayyaz is a Magento Community Manager at Cloudways - A Managed Magento Hosting Platform. His objective is to learn & share about PHP & Magento Development in Community. Fayyaz is a food lover and enjoys driving. You can email him at m.fayyaz@cloudways.com
