AUG 05 2015

How to install SUPEE-6482

According to announce sent on August 4, 2015 new security patch SUPEE-6482 is available for installation to cover several potential threats, one of which is critical:

August 4, 2015: New Magento Security Patch (SUPEE-6482) – Install Immediately
Today we are providing a new security patch (SUPEE-6482) that addresses 4 security issues; two issues related to APIs and two cross-site scripting risks. The patch is available for Community Edition 1.4 and later releases and is part of the core code of Community Edition, which is available for download today. Before implementing this new security patch, you must first implement all previous security patches. Download Community Edition or the patch from the Community Edition download page at

The article describes patch installation process via shell / SSH console. If you have no SSH access to apply the patch, you can simply upgrade your installation to Magento version which includes all the latest security patches (SUPEE-5344, SUPEE-5994, SUPEE-6285, SUPEE-6482). If Magento upgrade is not possible in the moment due to some reason you still can apply the patch via FTP/sFTP upload as shown in this article.

If you wish to save time and have us to install these patches for you, simply click here to order installation.

SUPEE-6482 patch is not related to previous patches in any way and can be installed independently, prior to or after installation of other security patches (SUPEE-1533, SUPEE-5344, SUPEE-5994 or SUPEE-6285).

Step 0: Preparations

Make sure to Disable Magento Compiler at System > Configuration > Tools > Magento Compiler and clear compiled cache.

Step 1: Verify your Magento version

$ grep -A6 'static function getVersionInfo' app/Mage.php
    public static function getVersionInfo()
        return array(
            'major'     => '1',
            'minor'     => '9',
            'revision'  => '1',
            'patch'     => '1',

As you can see in the example, it is Magento

Step 2: Download corresponding patches

Patches are obtained from

Make sure to get the right version.

Step 3: Place patches into Magento Root directory

Upload your files into Magento root directory. It is important to place patch files directly into Magento root directory and execute it also directly in Magento root directory.

$ ls -1 .


Step 4: Run the patches

$ bash ./
Checking if patch can be applied/reverted successfully...
Patch was applied/reverted successfully.

Step 5: Verification and flush of PHP opcode cache

Verify patch status at our patch tester page.
Test that your store is working. If you use PHP opcode caches (APC/XCache/eAccelerator) make sure to flush it after patching (or restart webserver), otherwise code will continue to run from caches.

Additionally, if your store still using default /admin/ path, you may consider securing your Magento /admin/ by admin path change and restrict access to /downloader/.

If you have any difficulties with applying the patches please let us know in comments, so we can find the solution together.




Posted in: Magento Maintenance

How to install SUPEE-6482
0 votes, 0.00 avg. rating (0% score)
  • Hahni

    The version without SSH for 1.5.x.x is missing :(

  • james

    I’ve installed all the patches with your instructions and the test show my site is safe. Thanks very much! However it seems there is some hack left over. Occasionally when selecting from the menu drop down it will open a casino Web site. Mostly from a mobile device menu and sometimes from the full site menu also. Is there something I should look for?