Magento attacks uncanny hacks-men with shopper-popper patch

Anonymous Coward

Just remember...

Magento 2 is touted as being bigger, better, faster and more secure... Than Magento 1.

With features such as:

CVSSv3 Severity: 9.8 Magento no longer permits an unauthenticated user to remotely execute code on the server through APIs. Previously, an unauthenticated user could remotely execute PHP code on the server using either REST or SOAP APIs. (These APIs are enabled by default in most installations.)

Yeah, remote code execution as a service with full API... better'n WordPress!

CVSSv3 Severity: 9.8 The Magento installation code is no longer accessible once the installation process has completed. Previously, an unauthenticated user or user with minimal permissions could execute PHP code on the server because the installation process would leave the /app/etc directory writeable.

Anyone, anywhere wanna do a reinstall?

Just wait till they've got the site tweaked for best Customer UX, then REBOOT!

Maybe we'll want to wait until Magento 2.1, you know what they say about Microsoft and x.0 versions.

Biting the hand that feeds IT © 1998–2019