Check Point researchers recently discovered a critical RCE (remote code execution) vulnerability in the Magento web e-commerce platform that can lead to the complete compromise of any Magento-based store. The vulnerability is actually comprised of a chain of several vulnerabilities that ultimately allow an unauthenticated attacker to execute PHP code on the web server. Magento is a popular eCommerce platform used by eBay.
A patch to address the flaws was released on February 9, 2015 (SUPEE-5344 available here).
To read more go here – http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/