A critical security vulnerability has been discovered in the e-commerce software xt:Commerce that allows attackers to gain unauthorized access to online shops.
Affected Versions
Multiple versions of xt:Commerce are affected. We recommend all operators check their version and update immediately.
Type of Vulnerability
The security vulnerability allows:
- SQL injection via certain parameters
- Access to the database containing customer data
- In the worst case: administrator access to the shop
Immediate Actions
- Update xt:Commerce to the latest version
- Check your database for unauthorized changes
- Change all admin passwords
- Review server logs for suspicious access attempts
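One way to carry out the log review, shown as an added example that is not part of the original advisory or of xt:Commerce. It scans access logs in the Apache/nginx "combined" format for common SQL injection markers in URL parameters and groups hits by client address. The advisory does not name the affected parameters, so the parameter names, paths and log lines below are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Apache/nginx "combined" log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Common SQL injection markers, matched against URL-decoded parameter values.
SQLI_RE = re.compile(
    r"\bunion\b.{0,40}\bselect\b"      # UNION-based extraction
    r"|\binformation_schema\b"         # schema enumeration
    r"|\b(?:sleep|benchmark)\s*\("     # time-based probing
    r"|'\s*(?:or|and)\s+['\d]"         # quote followed by boolean logic
    r"|/\*|--(?:\s|$)",                # SQL comment used to cut off the query
    re.IGNORECASE,
)

def suspicious_requests(lines):
    """Return {client_ip: [(timestamp, status, parameter, decoded_value), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, ts, _method, target, status = m.groups()
        # parse_qsl percent-decodes values and turns '+' into a space
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if SQLI_RE.search(value):
                hits[ip].append((ts, int(status), name, value))
    return dict(hits)

# Constructed sample lines; IPs are documentation ranges, parameter names are hypothetical.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0100] "GET /index.php?item=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0100] "GET /index.php?item=42%27+OR+%271%27%3D%271 HTTP/1.1" 200 9812 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0100] "GET /index.php?item=-1+UNION+SELECT+1,2,3 HTTP/1.1" 500 312 "-" "curl/8.0"',
    '192.0.2.10 - - [01/Jan/2024:10:01:00 +0100] "GET /search.php?q=union+jack+flag HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, events in suspicious_requests(SAMPLE_LOG).items():
        for ts, status, name, value in events:
            print(f"{ip} [{ts}] status={status} {name}={value!r}")
```

Access logs record only the request line, so attempts sent in POST bodies will not show up in this review. The patterns are a triage filter and can produce false positives on legitimate search terms.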
Managed Server Customers
If you operate a managed server with INGATE and use xt:Commerce, contact us. We will assist you with securing your system.
Contact: info@ingate.de