Recently, Magento has updated it’s SUPEE 10752 which includes fixing an issue of registration from the checkout page. But in this newer patch, it no longer protects against two low-risk session handling-related security issues that patch SUPEE-10752 protected against.
In the previous release of Magento 18.104.22.168 & SUPEE patch 10752 that is published on 27th June, contains multiple security enhancements addressing remote code execution (RCE), cross-site scripting (XSS) and small functional fixes that are listed in the Magento Release notes.
We have come up with patch files and recommend you to install them as soon as possible to safeguard your Magento stores against potential security threats.
NOTE: Conflicts during installation of the patch SUPEE-10752 are caused most often by having version 1 of the previous patch installed (SUPEE-10570v1). Please make sure to remove SUPEE-10570v1 and install SUPEE-10570v2 prior to installation of SUPEE-10752.
I have explained installation of patches with both the ways here:
Follow this instruction to install patch on your store,
Upload patch files in the root of Magento.
Make one file with the name of patch.php, write following code in it,
<!--?php print("<PRE>"); passthru("/bin/bash SUPEE-10752.sh"); print("</PRE>"); echo "Done"; ?-->
replace the file name in it, upload it in the root and run the file from the browser.
Name should be SH PATCH_SUPEE-10752_CE_v22.214.171.124_v1-2018-06-11-04-34-37.sh
You should receive following screen once you run patch.php from the browser,
If you are getting error like this,
“Error! Some required system tools, that are utilized in this sh script, are not installed; Tool (s) “patch” is (are) missed, please install it(them).
That means system tools aren’t installed in your server to run the sh script, you can contact your hosting provider or follow another method.
We have updated the patch files for the older Magento versions. It is very much recommended to use this patches at your own risk, please take backup of your website prior to installation.
You can install patch with SSH as well. You will need SSH, if you don’t know how to set up SSH, contact your hosting provider.
Upload the patch files in the root,
In ssh console, run the command as following.
For .sh file extension
For .patch file extension:
patch —p0 < patch_file_name.patch
Download the zip file for the patch installation. You can also download these Pre Patched files from GitHub. After downloading the files, simply upload it to your Magento root folder.
It is still recommended to upgrade to Magento version 126.96.36.199 which includes all the security patches including SUPEE 10752. If you need any help regarding Magento version Upgrade, Checkout our Magento Upgrade Service.