Magento Patch Installation

Recent Magento Patch Bundles:


The SUPEE-7405 patch bundle was released on 1/20/2016. This update is, as always, part of Magento's ongoing commitment to excellence in platform security and performance. As is often the case, however, many store owners fail to keep their version of Magento up to date. This can cause significant problems in many areas of your website, especially because these updates focus on security. Mediotype therefore offers a service for updating systems to their current version.

Availability: In stock

$99.00

Version: 2.0.1 Added January 20th, 2016

Includes Patches: SUPEE-7405

Affects: Magento CE prior to 1.9.2.3 and Magento EE prior to 1.14.2.3

Timeframe: Mediotype will contact you within 1 business day of your purchase to schedule your upgrade. Once the upgrade is scheduled it will typically take about an hour to complete.

Update Descriptions

SUPEE-7405 Patch Bundle 

This patch bundle protects your Magento installation against several potential security threats including issues surrounding:

  • Stored XSS in order comments APPSEC-1239
  • Stored XSS in order APPSEC-1260
  • Guest order view protection code vulnerable to brute force attack APPSEC-1270
  • Information disclosure in RSS feed APPSEC-1171
  • CSRF token not validated on backend login page APPSEC-1206
  • Malicious files can be uploaded via backend APPSEC-1306
  • CSRF leading to execution of admin action after login APPSEC-1179
  • Excel formula injection via CSV/XML export APPSEC-1110
  • XSS in product custom options APPSEC-1267
  • Editing or deleting reviews without permission APPSEC-1268
  • Disruption of email delivery APPSEC-1177
  • Captcha bypass APPSEC-1283
  • Admin path disclosure via Authorize.net APPSEC-1208
  • XSS Payload in website's translation table APPSEC-1214
  • CSRF delete items from cart APPSEC-1212
  • XSS via custom options APPSEC-1276
  • Risky serialized string filtering APPSEC-1204
  • Reflected XSS in backend coupon entry APPSEC-1305
  • Injected code can be stored in database APPSEC-1240
  • Stored XSS via email address APPSEC-1213