You can see more information at: https://magento.com/security/patches/supee-8788
Always make sure you have up-to-date backups of your site before applying a patch.
What does this patch fix?
Quite a few things including:
With some payment methods it might be possible to execute malicious PHP code during checkout.
A bug in Zend Framework value escaping allows a malicious user to inject SQL through the ordering or grouping parameters. While there are no known frontend entry point vulnerabilities that would allow for a full SQL injection, we’ve found an entry point in the Magento Admin panel, and other entry points most likely exist.
With access to any CMS functionality, an attacker with administrator permissions can use blocks to exfiltrate information stored in cache. This sensitive information includes store configuration, encryption key, and database connection details. Additionally, it might be possible to execute code.
In certain configurations, it is possible to log in as an existing store customer while knowing only his email address, not his password.
The import/export functionality in Magento unserializes data supplied from the Admin dashboard without proper checks. This can lead to possible code execution if a malicious user has Magento Admin access, even if access is limited to the import/export functionality.
It is possible to manipulate the full page cache to store incorrect pages under regular page URL entries. This issue affects only Magento Enterprise Edition.
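As a defence-in-depth check for the ordering/grouping issue above, code that takes a sort parameter from a request can map it to an allow-listed column instead of relying on value escaping. This is an added example, not code from Magento, Zend Framework or the SUPEE-8788 patch; the function name buildOrderBy, the column map and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not Magento or Zend Framework code.
// The ORDER BY clause is assembled only from server-side constants, so the
// request value is used as a lookup key and never becomes part of the SQL text.

/**
 * @param mixed    $field     requested sort key (untrusted)
 * @param mixed    $direction requested sort direction (untrusted)
 * @param string[] $allowed   map of public sort key => real column name
 * @return string  ORDER BY clause built from allow-listed parts
 */
function buildOrderBy($field, $direction, array $allowed)
{
    if (!is_string($field) || !array_key_exists($field, $allowed)) {
        throw new InvalidArgumentException('Unsupported sort field');
    }
    if (!is_string($direction)) {
        throw new InvalidArgumentException('Unsupported sort direction');
    }
    $dir = strtoupper(trim($direction));
    if ($dir !== 'ASC' && $dir !== 'DESC') {
        throw new InvalidArgumentException('Unsupported sort direction');
    }
    // The column name comes from the map, not the request; quote it as a
    // MySQL identifier anyway in case the map ever holds an unusual name.
    $column = '`' . str_replace('`', '``', $allowed[$field]) . '`';
    return 'ORDER BY ' . $column . ' ' . $dir;
}

// Constructed column map and sample inputs (illustrative only).
$allowed = array('name' => 'name', 'price' => 'final_price', 'date' => 'created_at');
$samples = array(
    array('price', 'desc'),        // accepted
    array('date', ' ASC '),        // accepted, direction normalised
    array('name, 1', 'asc'),       // rejected: not a known sort key
    array('price', 'desc extra'),  // rejected: not ASC or DESC
    array(array('price'), 'asc'),  // rejected: wrong type from the request
);

foreach ($samples as $s) {
    try {
        echo buildOrderBy($s[0], $s[1], $allowed), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', json_encode($s), ' (', $e->getMessage(), ")\n";
    }
}
```

The same lookup approach applies to grouping parameters; it complements the patch and does not replace applying it.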
If you need any assistance from us, please get in touch.