SUPEE-10888 is an important security update for Magento to address remote code execution and SQL injection vulnerabilities.
Where to download
Its best downloading the patch from the Magento.com download section - or via MDA - the Magento download tool (this is what this guide will use).
Applying the patch
The application of this patch is relatively straightforward. I'd recommend doing this in staging/development before attempting on live (if you don't have a dev. site follow this guide to create one).
Change directory to your Magento document root and fetch
mda.phar(the Magento downloader tool), if using Enterprise, refer to the documentation here to provide your id/token.
cd /microcloud/data/domains/example/domains/example.com/http wget -O mda.phar --no-check-certificate https://raw.githubusercontent.com/sonassi/magento-download-archive/master/bin/mda.phar php mda.phar
Select either CE/EE patch as appropriate,
1: Ce-patch 3: Ee-patch
Select the auto detected version of Magento,
0: 18.104.22.168 (auto detected)
Select the SUPEE-10888 patch (or press
mto download all missing patches),
0: SUPEE-10888 for CE 22.214.171.124-126.96.36.199 (PATCH_SUPEE-10888_CE_v188.8.131.52_v1.sh/SUPEE-10888)
Copy the patch to your Magento document root and apply it,
cp ./downloads/PATCH_SUPEE-10888 . bash PATCH_SUPEE-10888
Clean your Magento cache using MageRun,