A SQL injection vulnerability has been identified in pre-2.3.1 Magento code. To quickly protect your store from this vulnerability only, install patch PRODSECBUG-2198. However, to protect against this vulnerability and others, you must upgrade to Magento Commerce or Open Source 2.3.1 or 2.2.8. We strongly suggest that you install these full patches as soon as you can<\/em>.<\/strong><\/p>\n\n\n\n PCI Compliance Requirement 6: Develop and maintain secure systems and applications<\/strong>. All critical systems must have the most recently released software patches to prevent exploitation. <\/strong>\n The average merchant relies upon third party developers for web site \nmaintenance, but unless specifically contracted to update the e-commerce\n software and add-on modules, don\u2019t count on it.<\/p>\n\n\n\n Only 16.4% of organizations that had suffered a data \nbreach were compliant with Requirement 6, compared to an average of 64% \nof organizations assessed by our QSAs in 2014- Verizon 2015 PCI \nCompliance Report.<\/p><\/blockquote>\n\n\n\n Payment gateway implementation requirements have changed over time as a result of cross-site scripting and cross-site request forgery (CSRF) to meet current PCI Compliance standards. Merchants should verify all components of their ecommerce ecosystem are current, and have a system for ongoing monitoring and updating.<\/p>\n\n\n\n RESOURCES<\/p>\n\n\n\n Magento 2.3.1, 2.2.8 and 2.1.17 Security Update A SQL injection vulnerability has been identified in pre-2.3.1 Magento code. To quickly protect your store from this vulnerability only, install patch PRODSECBUG-2198. However, to protect against this vulnerability and others, you must … Continue reading