If you have an online business and you are running a magento website, you must read this whole article carefully.
Magento recently released new versions of its platform to tackle the total 37 newly discovered vulnerabilities. One of the most reported vulnerability was SQL Injection.
Using this attack vector, an attacker uses a query on databases in an unauthorized manner. This could happen due to poorly written SQL queries. If the attack gets successful then the hacker can access the login information of the users, credit card information and other sensitive data.
Listed below are the affected Magento versions:
v Magento Open Source prior to 18.104.22.168
v Magento Commerce prior to 22.214.171.124
v Magento Commerce 2.1
v Magento Commerce 2.2
v Magento Commerce 2.3
Since magento website stores sensitive information like login information, passwords, billing information, credit card numbers etc. and this attack could yield disastrous circumstances for your business.
To avoid such situation you must always keep your site updated according to new coding standards. Do not use PHP in native way rather use any framework and if you are running any CMS i.e wordpress or magento, patch it immediately.