PCI Compliance fail

kickanwing · ‎03-02-2016

I had a recent compliance fail because of an Integer based SQL injection vulnerability in REST-style parameter. The failed url is /checkout/cart/add/uenc/aHR0cHM6L.......D1V/product. All of the security patches with the exception of patch 7405 have been installed. The site is currently running magento 1.8.1. How can I fix this?

evilsjg · ‎04-19-2016

Here is a quick/dirty explanation of the issue along with a quick/dirty (but valid) fix

http://www.thesjg.com/2016/04/magento-integer-based-sql-injection-vulnerability-product-parameter/

PCI Compliance fail

PCI Compliance fail

Re: PCI Compliance fail