How to install Magento patch SUPEE-5994?

  • Posted by Envision Ecommerce
  • /
  • May 15, 2015

Recently Magento released the critical Shoplift bug which we successfully patched over 80 stores. Yesterday Magento has issued another important Security patch  which is named as SUPEE-5994. Please note that this patch should be installed in addition to the recent Shoplift patch (SUPEE-5344).

According to the press release of Magento, SUPEE-5994 is a bundle of seven patches that resolves the following security-related issues. The patch can be downloaded from the Magento Community Downloads page.

  • ClosedAdmin Path Disclosure
  • ClosedCustomer Address Leak through Checkout
  • ClosedCustomer Information Leak through Recurring Profile
  • ClosedLocal File Path Disclosure Using Media Cache
  • ClosedSpreadsheet Formula Injection
  • ClosedCross-site Scripting Using Authorize.Net Direct Post Module
  • ClosedMalicious Package Can Overwrite System Files

The patch has to be applied the same way  Shoplift patch was applied. You need to first find the version of your Magento. Then download the respective SSH patch from magento download page. Upload the patch file respective to your version on Magento root directory.

Now using SSH, run the command and you should get a successful completion message. Here is how it sill look.

$ bash ./patch_file_name.sh
Checking if patch can be applied/reverted successfully…
Patch was applied/reverted successfully.

In case if you find any difficulty, Purchase our Service to get your Magento Store secured now. We shall do this upgrade for your  Magento Store to help you secure it.