Magento has released a bundle of patches that fix several vulnerabilities. The vulnerabilities addressed by the patch can be exploited by attackers to disclose confidential information and execute code remotely.
The bundle (SUPEE-5994) can be downloaded here and should be applied as soon as possible by users of Magento Community Edition and Magento Enterprise Edition.
It is important to note that the SUPEE-5994 Patch Bundle does not address the ShopLift vulnerability, which was fixed with the patch SUPEE-5344. Magento users should ensure that both sets of patches are applied to their Magento stores or they could be at risk of an RCE (remote code execution) attack.Posted in: Nexcess, Security