So whats Webgility RCE vulnerability. This is the latest added by MageReport about the The Webgility Remote Code Execution vulnerability which allows a remote attacker to take complete control over your Magento shop. This only is affected if you use webgility for syncing data from magento to quickbooks. If you dont use that then your shop is free from this attack. Now for those who have. Still didnt got a new release yet from Webgility about this threat.
So what can we do to limit it. Most we can restrict the access to this folder in your root folder in magento. Add your ip’s which you use to connect to webgility software in the webgility folder. That will work till the fix comes out fully.
Update: patch has been released by Webgility .
435 total views