Today the Magento Security Team created a new ModSecurity rule and added it to our WAF rules to mitigate an important RCE (remote code execution) vulnerability in the Magento web e-commerce platform. Any customer using the WAF needs to click the ON button next to the “CloudFlare Magento” Group in the WAF Settings to enable protection immediately.
Both Magento version 1.9.1.0 CE and 1.14.1.0 EE are compromised by this vulnerability. CloudFlare WAF protection can help mitigate vulnerabilities like this, but it is vital that Magento users patch Magento immediately. Select and download the patch for SUPEE-5344.