New Magento WAF Rule – RCE Vulnerability Protection

On April 25, 2015, the Magento Security Team introduced a new ModSecurity rule to address an essential RCE (remote code execution) vulnerability in the Magento e-commerce platform. Users of the WAF (Web Application Firewall) should enable protection by clicking the ON button next to the "CloudFlare Magento" Group in the WAF Settings. Both Magento version 1.9.1.0 CE and 1.14.1.0 EE are affected by this vulnerability, and while CloudFlare WAF can help mitigate such issues, it is crucial for Magento users to apply the patch for SUPEE-5344 immediately.