Magento released a patch (February 9, 2015) for all Magento stores running versions 1.6 through 1.9.1.0, the latest version, that addresses a potential remote code execution vulnerability. Although Magento states that they are not aware of any live stores that have been exploited through this bug, it is nonetheless a serious security issue that could be used to upload malicious files into a Magento store.
We have patched all hosted Magento stores that are running versions 1.6 to 1.9.1.0. We extensively tested the patch and found it to be quite safe to apply to all stores.
Our Magento installer for new stores has also been updated to include this patch.
If you have any questions about this patch, please let us know.
- LexiConn Support