Magento Security Patch Tester

At this page you can check if your store is vulnerable to the most recent security issues and verify Magento security patches installation on your store.

To check Magento security patches applied enter Frontend URL of your store:

 

For details on applying patches please refer to articles tagged with patch tag or use patch installation service.

  • Tom Calpin

    Hey Magentary, this tool is brilliant, thanks.
    One thing I’m getting when testing one shop is ‘Path disclosure: Magento root directory leaked:’, but it seems safe with all the other tests. Which vulnerability does this warning relate to?
    Thanks

    • Rashid

      Make sure that phpinfo file does not exists.

      • Brian Sirois

        what do you mean ? theres a phpinfo.php file in the public_html ? should I remove it ?

        • Rashid

          Yep. I had the same issue.

  • Jayme Jayme

    SUPEE-6788: Unknown, can not determine patch status.

    What does this mean? according to another patch tester, it is saying 6788 is installed and OK.

  • Sejda Hajji

    i need to integrate this tool in my laravel 5.2 application how can i do this can any one give me the source code thank you in advance

  • Emma Natacha Bernard Schneider

    After PAtch installation, Slider on homepage is lost!! How to reset the patch????

    • magentary

      To fix slider you may need to whitelist slider blocks after patch installation or correct the extension as per release notes/known issues section in instructions. To revert patch you can use –revert option for patch script or rollback all files replaced, depending on the way you applied the patch.

    • Michel Van de Wiel

      Hello Emma, Reset a patch is not very easy, also you need to remove something in the database! Can you tell me which package you want to Remove ?

  • Aaron McGuire

    I’m getting SUPEE-6788 is not installed, however it is. The others report it too. Not sure why this doesn’t catch it…

    • magentary

      Most likely SUPEE-6788 is applied against default theme only (by default only base and default themes are patched) and custom theme is still unpatched. You can refer to https://magentary.com/kb/magento-registration-form-does-not-work-after-supee-6788/ and https://magentary.com/kb/reset-password-blank-page-after-supee-6788/ for details on patching custom theme.

      • Aaron McGuire

        Thanks for the reply – are there any other possible patches required in the custom theme directory? Registration was previously patched and I am not overriding the password reset template.

        • Aaron McGuire

          You got me going on the right track and likely resolved issues I hadn’t received reports on yet, so thank you. I found the missing edit that your tester was catching:

          /app/design/frontend/YOUR_PACKAGE/YOUR_THEME/template/customer/form/resetforgottenpassword.phtml

          – <form action="getUrl(‘*/*/resetpasswordpost’, array(‘_query’ => array(‘id’ => $this->getCustomerId(), ‘token’ => $this->getResetPasswordLinkToken()))); ?>” method=”post” id=”form-validate”>
          + <form action="getUrl(‘*/*/resetpasswordpost’); ?>” method=”post” id=”form-validate”>

          Thanks for your help!

          -edit: sorry about the code formatting :/

  • Phonix Team

    Hello, thank you for your work, very professional and quick. thank you!

    Greetings from Switzerland
    Phonix Team