As a platform for e-commerce Magento, which works on the basis of a huge number of online stores found critical vulnerability, allows an attacker to execute arbitrary PHP-code on the server and get full access to the data online store, including information on the customer's credit card. The attack can be accomplished without committing authentication. The problem is present in the base of the engine Magento and appears in the default configuration. The problem was identified in February and has already been fixed in the update SUPEE-5344, while for non-disclosure agreement about the vulnerability made public only now.