Well, that title might be a bit of a click bait… but there is some truth to it.
This might be old news to many of you, and it surely is not a worry for our clients (we keep them all up to date), but this it’s being a problem to some Magento2 merchants as reported by Naked Security by SOPHOS.
It’s an SQL injection flaw which can be exploited with no authentication or privileges, which is why for admins tending sites using Magento it’s a stop what you’re doing and patch this now situation.
Have a look at Naked Security’s article following the link below to check if your Magento version is vulnerable to SQLi attacks. And if you need any help, please get in touch.
Image by Blue Coat Photos, Attribution-ShareAlike 2.0 Generic (CC BY-SA 2.0)