According to announce sent on new security
patch SUPEE-6482 is available for installation to cover several potential threats, one of which is critical:

The article describes patch installation process via shell / SSH console.
If you have no SSH access to apply the patch, you can simply
upgrade your installation to Magento 1.9.2.1 version which includes all the latest security patches (SUPEE-5344,SUPEE-5994, SUPEE-6285,SUPEE-6482). If Magento upgrade is not possible in the moment due to some reason you still can apply the patch via FTP/sFTP upload as shown in this article.

If you wish to save time and have us to
install these patches for you, simply
click here to order installation.

SUPEE-6285.

Step 0: Preparations

Make sure to Disable Magento CompilerSystem > Tools > Compilation and clear compiled cache.

Step 1: Verify your Magento version

$ grep -A6 'static function getVersionInfo' app/Mage.php
    public static function getVersionInfo()
    {
        return array(
            'major'     => '1',
            'minor'     => '9',
            'revision'  => '1',
            'patch'     => '1',

As you can see in the example, it is Magento 1.9.1.1

Step 2: Download corresponding patches

Patches are obtained from https://www.magentocommerce.com/products/downloads/magento/

Make sure to get the right version.

Step 3: Place patches into Magento Root directory

Upload your files into Magento root directory.

$ ls -1 .
PATCH_SUPEE-6482_CE_1.9.2.0_v1-2015-08-03-06-51-10.sh
app
cron.php
downloader
errors
favicon.ico
index.php
js
lib
mage
media
pkginfo
robots.txt
shell
skin
var

 

Step 4: Run the patches

$ bash ./PATCH_SUPEE-6482_CE_1.9.2.0_v1-2015-08-03-06-51-10.sh
Checking if patch can be applied/reverted successfully...
Patch was applied/reverted successfully.

Step 5: Verification and flush of PHP opcode cache

Verify patch status at our patch tester page.
Test that your store is working. If you use PHP opcode caches (APC/XCache/eAccelerator) make sure to flush it after patching (or restart webserver), otherwise code will continue to run from caches.

Additionally, if your store still using default /admin/ path, you may consider securing your Magento /admin/ by admin path change and restrict access to /downloader/.