Posted on Leave a comment

Magento Recommendations for PHP Vulnerabilities

On September 3, Multi-State Information Sharing and Analysis Center (MS-ISAC) has issued an alert related to multiple vulnerabilities that could allow for arbitrary code execution and a recommendation that all sites using PHP should update to the latest PHP version ASAP (full alert is available here).

Magento is an open-source e-commerce platform written in PHP.

Magento Commerce and Open Source Edition suffers from multiple Vulnerability including RCE, XSS,and XSRF vulnerabilities,along with an SQL Injection vulnerability through an unauthenticated user(PRODSECBUG-2198).

Affected Versions:
Magento Open Source prior to 1.9.4.1, and Magento Commerce prior to 1.14.4.1, Magento 2.1 prior to 2.1.17, Magento 2.2 prior to 2.2.8, Magento 2.3 prior to 2.3.1

QID Detection Logic(unauthenticated ):
This QID attempts to run an command on the target over an unauthenticated crafted HTTP/HTTPS GET request to exploit sql injection web vulnerability and looks for vulnerable response.

Since Magento relies on PHP, we recommend that all Merchants using Magento review necessary updates for PHP with their hosting provider. We also recommend that Merchants complete this review and any updates by September 30 in order to avoid PCI compliance issues that may go into effect as a result of these vulnerabilities at the end of the month.

If you would like more information on PHP and recent releases, you can visit PHP’s site

So all magento prior to 2.3.1 might not safe and have PCI compliance issues. If you need an Hawaii onshore expert to upgrade magento to add security, stability & increased Performance to Your Site. please feel free to contact us by submitting the below form.

.

Posted on Leave a comment

mod_multilingual

mod_multilingual
An AI translation solution to translate your website and web applications.

Apache 2 loadable module
Version: 1.0.02 (20-Dec-2018)

“LLTranslator is the first and only distributed system for translating and managing multilingual from the home language of your website.”

mod_multilingual is an Apache 2 loadable module for linux systems. It integrates our LLTranslator with your website or web application with no changes on your site.

Experience a better way to translate your online content and go multilingual, directly from the front-end using a friendly user interface.

LLTranslator detects and translates all your content even visitors generated contents like reviews and comments in any language and provides a unique place to edit translations or purchase professional translations to ensure the quality of translations.

LLTranslator is totally SEO compatible. Your translated pages are automatically indexed following Google best practices in terms of multilingual SEO to help search engines easily index your content and deliver it to visitors that are looking for your content/products.
Also LLTranslator Don’t Use 100% machine translation even you don’t edit translations or purchase professional transactions because LLTranslator has its own native language match model. Here’s Google’s comment: “Automated translations don’t always make sense and could be viewed as spam.”

Tell us how do you want to use our mod_multilingual by contacting us.