PCI Compliance fail

I had a recent compliance fail because of an integer-based SQL injection vulnerability in a REST-style parameter. The failed URL is /checkout/cart/add/uenc/aHR0cHM6L.......D1V/product. All of the security patches, with the exception of patch 7405, have been installed. The site is currently running Magento 1.8.1. How can I fix this?

1 REPLY

Re: PCI Compliance fail

Here is a quick/dirty explanation of the issue along with a quick/dirty (but valid) fix:

http://www.thesjg.com/2016/04/magento-integer-based-sql-injection-vulnerability-product-parameter/