How to Secure Magento Against SQL Injections

  1. #1
    [ Contributor ] Wajid Hussain
    Join Date
    Nov 2014
    Thanked 7 Times in 6 Posts

    How to Secure Magento Against SQL Injections

    We have all heard and witnessed that Magento comes with some predefined tools which are intended to secure your store from SQL injections. Yet the security researchers have found some vulnerabilities, which can potentially cause harm.

    What is the nature of the Attack?

    The vulnerability consists of compromising a chain of liability which allows malicious injections and an unauthenticated attacker to execute random PHP/SQL codes on E-commerce websites. In layman's terms, this allows the attacker to bypass all your security mechanisms, then get access to your store and the whole database. It then lets the attacker create a new admin account in your existing one, or lets them access and steal critical information like credit card etc. There are many other harmful things that SQL injections can cause to your Ecommerce business and your store's customers. What is of more concern is the fact that this attack is not limited to any specific plugin or theme. It is present in the core of Magento and it ends up affecting any default installation of both community and enterprise editions.

    Read Complete Tutorial Here:


  2. #2
    Junior Member
    Join Date
    Dec 2016
    Thanked 1 Time in 1 Post


    Thanks for sharing. It will be useful for me.

  3. #3
    New member
    Join Date
    May 2017
    Thanked 0 Times in 0 Posts


    Thanks for explaining about the nature of the Attack, it helps me understand more about it and know how to secure Magento against SQL injections.
