Magento Commerce and Open Source 2.2.1, 2.1.10 and 2.0.17 contain multiple security enhancements that help close Cross-Site Scripting (XSS), Local File Inclusion (LFI), authenticated Admin user remote code execution (RCE) and Arbitrary File Delete vulnerabilities.
As always, install the patch in a development environment and test before applying it to your live site.
If you need any assistance with security patch updates, please send an email to: email@example.com or contact your Account Manager at eBoundHost.
Visit the official Magento site for more details. For your convenience, we have quoted part of the announcement from Magento's forum below:
APPSEC-1325: Stored XSS in Billing Agreements
APPSEC-1825: PHP Object Injection in E-mail templates leading to Remote Code Execution
APPSEC-1830: PHP Object Injection in product attributes leading to Remote Code Execution
APPSEC-1861: PHP Object Injection in product entries leading to Remote Code Execution
APPSEC-1881: PHP Object Injection in Downloadable Products leading to Remote Code Execution
APPSEC-1893: PHP Object Injection in product metadata leading to Remote Code Execution
APPSEC-1900: Remote Code Execution by leveraging 1st stage unsanitized form input
APPSEC-1910: Local File Inclusion (LFI) in Import History
APPSEC-1930: PHP Object Injection in Widgets leading to Remote Code Execution
APPSEC-1931: PHP Object Injection in Zend Framework leading to Arbitrary File Deletion