10 Jul Magento platform vulnerable to Zend Framework hack
Magento have just published details of a serious vulnerability in the Zend Framework. Users of Magento versions 1.4 to 1.7 are being urged to patch their systems as soon as possible.
“The vulnerability potentially allows an attacker to read any file on the web server where the Zend XMLRPC functionality is enabled. This might include password files, configuration files, and possibly even databases if they are stored on the same machine as the Magento web server.”
There are a number of ways to patch the vulnerability. Full instructions are listed here.