{"id":359,"date":"2019-03-27T17:48:26","date_gmt":"2019-03-27T17:48:26","guid":{"rendered":"https:\/\/meetanshi.com\/blog\/2019\/03\/27\/install-magento-2-patch-prodsecbug-2198\/"},"modified":"2025-01-02T09:44:49","modified_gmt":"2025-01-02T09:44:49","slug":"install-magento-2-patch-prodsecbug-2198","status":"publish","type":"post","link":"https:\/\/meetanshi.com\/blog\/install-magento-2-patch-prodsecbug-2198\/","title":{"rendered":"How to Install Magento 2 Security Patch PRODSECBUG-2198"},"content":{"rendered":"\n

ALERT!\u26a0\ufe0f<\/h2>\n\n\n\n
\n

Following the release of the Magento 2 Security Patch PRODSECBUG – 2198 and SUPEE 11086<\/a>,\u00a0proof-of-concept (POC) exploit was published<\/a>, for SQL Injection vulnerability, giving the hackers a path to the database of your E-commerce sites! This provokes the urgency to patch your store NOW!\u00a0You can either follow this blog post or contact us<\/a> for instant help!<\/strong><\/p>\n<\/blockquote>\n\n\n\n

On 26th March 2019, Magento released Security Patch PRODSECBUG-2198<\/i><\/strong> for fixing a critical SQL injection vulnerability. Due to this vulnerability, an unauthenticated user can execute arbitrary code through an SQL injection vulnerability, which causes sensitive data leakage. We strongly suggest that you install these full patches as soon as you can.<\/p>\n\n\n\n

PRODSECBUG-2198 Information<\/strong><\/h2>\n\n\n\n
Particulars<\/strong><\/th>Details<\/strong><\/th><\/tr><\/thead>
Type:<\/strong><\/td>Injections: SQL<\/td><\/tr>
CVSSv3 Severity:<\/strong><\/td>9 (Critical)<\/td><\/tr>
Known Attacks:<\/strong><\/td>none<\/td><\/tr>
Description:<\/strong><\/td>An unauthenticated user can execute arbitrary code through an SQL injection vulnerability, which causes sensitive data leakage.<\/td><\/tr>
Product(s) Affected:<\/strong><\/td>Magento Open Source prior to 1.9.4.1, and Magento Commerce prior to 1.14.4.1, Magento 2.1 prior to 2.1.17, Magento 2.2 prior to 2.2.8, Magento 2.3 prior to 2.3.1<\/td><\/tr>
Fixed In:<\/strong><\/td>Magento Open Source 1.9.4.1, Magento Commerce 1.14.4.1, SUPEE-11086, Magento 2.1.17, Magento 2.2.8, Magento 2.3.1<\/td><\/tr>
Reporter:<\/strong><\/td>cfreal
<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

Follow the 6-Step Guide to install PRODSECBUG-2198:<\/strong><\/h2>\n\n\n\n

Step 1: Backup Your Magento Store<\/h3>\n\n\n\n

It’s a wise step to back up your Magento Store before applying any security Patch because your store might have some confliction with the Patch files.<\/p>\n\n\n\n

Step 2: Download & Upload the Patch<\/h3>\n\n\n\n

Download the Patch PRODSECBUG-2198<\/strong> from here<\/a>\u00a0for your Magento Store Version and upload it to your Magento folder.<\/p>\n\n\n\n

Step 3: Apply the Patch<\/h3>\n\n\n\n

After you log in to your shell server and navigating to your Magento Folder, run the following command:<\/p>\n\n\n\n

bash Patch-Name<\/code><\/pre>\n\n\n\n
e.g.<\/p>\n\n\n\n
bash PRODSECBUG-2198-2.3-CE.patch<\/code><\/pre>\n\n\n\n
Step 4: Clear your Magento Cache<\/h3>\n\n\n\n
It’s recommended to flush your Magento Cache after applying the patch. You can either clear and flush the cache from Magento admin or run the following SSH commands:<\/p>\n\n\n\n
php bin\/magento cache:flush<\/code><\/pre>\n\n\n\n
php bin\/magento cache:clean<\/code><\/pre>\n\n\n\n
Step 5: Confirm the Patch Installation<\/h3>\n\n\n\n
Run the following command to know if the patch has been installed successfully:<\/p>\n\n\n\n
grep '|' app\/etc\/applied.patches.list<\/code><\/pre>\n\n\n\n
grep '|' app\/etc\/applied.patches.list<\/code><\/pre>\n\n\n\n
Step 6: Remove the Patch file<\/h3>\n\n\n\n
After the successful patch installation, you can remove the .patch file from the root of your Magento Run the following command to remove it using SSH:<\/p>\n\n\n\n
rm Patch-Name<\/code><\/pre>\n\n\n\n
Note:
<\/strong>With the above method in Magento 2.2 CE version you may face an error as below:<\/p>\n\n\n\n
bash PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch
diff: unrecognized option \u2018\u2013git\u2019
diff: Try \u2018diff \u2013help\u2019 for more information.
PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch: line 2: index: command not found
PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch: line 3: \u2014: command not found<\/p>\n\n\n\n
In order to avoid this error, follow the below steps:<\/p>\n\n\n\n
    \n
  • If you use git for your project:
    git apply PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch<\/li>\n\n\n\n
  • use patch\n
      \n
    • Remove the a\/ and b\/ before the path name.<\/li>\n\n\n\n
    • Move the patch file to your Magento root and execute patch -p0 < PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
      That’s it \ud83d\ude42<\/p>\n\n\n\n
      Let me know via commenting below if you face any issue while installing PRODSECBUG-2198<\/i>.<\/p>\n\n\n\n
      Don’t forget to hit the 5\u2b50\ufe0f if this post helps you.<\/p>\n","protected":false},"excerpt":{"rendered":"
      ALERT!\u26a0\ufe0f Following the release of the Magento 2 Security Patch PRODSECBUG – 2198 and SUPEE 11086,\u00a0proof-of-concept (POC) exploit was published, for SQL Injection vulnerability, giving…<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[34],"tags":[],"class_list":["post-359","post","type-post","status-publish","format-standard","hentry","category-magento"],"acf":[],"_links":{"self":[{"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/posts\/359","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/comments?post=359"}],"version-history":[{"count":1,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/posts\/359\/revisions"}],"predecessor-version":[{"id":4128,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/posts\/359\/revisions\/4128"}],"wp:attachment":[{"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/media?parent=359"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/categories?post=359"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/tags?post=359"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}