So whats Webgility RCE vulnerability. This is the latest added by MageReport about the The Webgility Remote Code Execution vulnerability which allows a remote attacker to take complete control over your Magento shop. This only is affected if you use webgility for syncing data from magento to quickbooks. If you dont use that then your shop is free from this attack. Now for those who have. Still didnt got a new release yet from Webgility about this threat.
So what can we do to limit it. Most we can restrict the access to this folder in your root folder in magento. Add your ip’s which you use to connect to webgility software in the webgility folder. That will work till the fix comes out fully.
Update: patch has been released by Webgility .
2X Certified Adobe Magento Commerce with 10+ years’ experience in Magento platform
One thought on “Webgility RCE vulnerability Threat for Magento 1”
We have released the patch of Webgility store module. Please refer our blog for complete details. https://www.webgility.com/blog/security-vulnerability-update/