In recent days, we have learned of a serious vulnerability in the Zend Framework, on which Magento is built. This note explains how to access and install a patch that addresses the issue.
What is the issue all about?
The vulnerability potentially allows an attacker to read any file on a web server where the Zend XMLRPC functionality is enabled. This might include important files such as configuration files, password files, and possibly even databases, if they are stored on the same machine as the Magento web server.
What is the Solution?
We recommend that all Magento implementations install the latest patch appropriate for their platform.
Magento Enterprise Edition and Professional Edition merchants:
Access the Zend Security Upgrade patch from Patches & Support for your product, which is available in the Downloads section of your Magento account. You must log in to your account.
Download
Magento Community Edition merchants:
Community Edition 1.4.2.0
Community Edition 1.4.0.0 through 1.4.1.1
Community Edition 1.5.0.0 through 1.7.0.1
Magento Go
If you are a Magento Go customer, you do not need to make any updates. All fixes will be applied automatically on the backend.
Instructions for Applying the Patch
First, go to the root of your Magento directory: cd /home/mystore/public_html
Now, download the patch for your version from the given link. You can do this from the Unix command prompt: wget -O patch_name.patch
Apply the patch: patch -p0 < patch_name.patch
Important note:
If you are running more than one web server, the patch must be applied to all of the servers.
Workaround
If you are unable to apply the patch, the following instructions temporarily disable the RPC functionality that contains the vulnerability. If you implement this workaround, any integration that relies on the XMLRPC API functionality will no longer be supported.
First, navigate to the www-root where the Magento app files are stored.
Next, navigate to /app/code/core/Mage/Api/controllers in the wwwroot.
Open XmlrpcController.php for editing.
Comment out or delete the body of the method: public function indexAction()
Finally, save your changes.
Additional Notes
Users with existing IDS capability may monitor the RPC interface to watch for attacks. One of the best ways to secure the Magento platform is to maintain an up-to-date installation.
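Before applying the workaround, and when monitoring the RPC interface afterwards, it helps to know which clients actually call the XML-RPC endpoint. The following script is an added example, not part of the original post or of Magento. It assumes an access log in combined format and that the endpoint path contains /api/xmlrpc (the route served by XmlrpcController.php); the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: inventory the clients that call the Magento XML-RPC
# endpoint, so you know which integrations the workaround will break and
# which callers are unexpected.
# Assumptions: combined log format; endpoint path contains "/api/xmlrpc".

# xmlrpc_clients LOGFILE
# Prints "<hits> <client-ip> <last-seen>" per client, busiest first.
xmlrpc_clients() {
    awk '
        # Fields: $1 client IP, $4 "[timestamp", $7 request path
        index($7, "/api/xmlrpc") {
            hits[$1]++
            last[$1] = substr($4, 2)   # drop the leading "["
        }
        END {
            for (ip in hits) print hits[ip], ip, last[ip]
        }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample log (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "POST /index.php/api/xmlrpc HTTP/1.1" 200 512 "-" "erp-sync/1.0"
192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "POST /index.php/api/xmlrpc HTTP/1.1" 200 498 "-" "erp-sync/1.0"
198.51.100.7 - - [01/Jan/2024:10:01:30 +0000] "GET /index.php/checkout/cart/ HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2024:10:02:30 +0000] "POST /api/xmlrpc/ HTTP/1.1" 200 230 "-" "-"
192.0.2.10 - - [01/Jan/2024:10:05:00 +0000] "POST /index.php/api/xmlrpc HTTP/1.1" 200 505 "-" "erp-sync/1.0"
EOF
}

# Run against a real log when a path is given, e.g.:
#   sh xmlrpc_clients.sh /var/log/apache2/access.log
if [ $# -gt 0 ]; then
    xmlrpc_clients "$1"
fi
```

Clients that appear here but are not known integrations are the ones to look at first; once the workaround is in place, any remaining callers are either broken integrations or unsolicited traffic.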
The latest releases of Magento (Community Edition 1.7.0.2 and Enterprise Edition 1.12.0.2) incorporate the appropriate patches. Be sure to use the correct versions of releases 1.7.0.2 and 1.12.0.2. These releases do not modify the Zend library directly; instead, they override the vulnerable methods within Magento code by adding two new classes:
app/code/core/Zend/XmlRpc/Response.php
app/code/core/Zend/XmlRpc/Request.php
They did this with the intention of keeping the underlying Zend Framework at version 1.11.1 for Magento 1.X. They are planning to upgrade the Zend Framework in Magento in future releases.
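Because the fix has to reach every web server, a quick check for the two override classes across all Magento roots is useful. This script is an added example, not Magento's own tooling. It only tests that the files exist and are non-empty; a root reported as missing may still have been fixed with the standalone patch (an assumption, since the post does not say which files that patch touches), so treat it as needing a manual check.

```shell
#!/bin/sh
# Added example: check Magento 1.x roots for the XML-RPC override classes
# named in the post (app/code/core/Zend/XmlRpc/{Request,Response}.php).

# xmlrpc_override_status ROOT
# Prints "present", "partial" or "missing".
xmlrpc_override_status() {
    dir=$1/app/code/core/Zend/XmlRpc
    n=0
    for f in Request.php Response.php; do
        # -s: the file must exist and be non-empty
        if [ -s "$dir/$f" ]; then
            n=$((n + 1))
        fi
    done
    case $n in
        2) echo present ;;
        1) echo partial ;;
        *) echo missing ;;
    esac
}

# audit_roots ROOT...
# Prints one "<status><TAB><root>" line per root and returns 1 if any
# root is not "present", so it can gate a deployment or a cron alert.
audit_roots() {
    rc=0
    for root in "$@"; do
        st=$(xmlrpc_override_status "$root")
        printf '%s\t%s\n' "$st" "$root"
        if [ "$st" != present ]; then
            rc=1
        fi
    done
    return $rc
}

# Example: sh audit_roots.sh /home/mystore/public_html /srv/web2/public_html
if [ $# -gt 0 ]; then
    audit_roots "$@"
fi
```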
Harshal Shah is CEO & Founder of Xhtmljunkies. Located in Gujarat, India, XHTML Junkies is one of the best companies offering unique eCommerce solutions by virtue of its dedicated professionals. Our professionals are extremely proficient in offering development services pertaining to eCommerce. You can find Harshal on Google+ and Twitter.