Security News > 2019 > February > Most Magento shops get compromised via vulnerable extensions

Most Magento shops get compromised via vulnerable extensions
2019-02-01 14:18

Vulnerable third party extensions (modules) are now the main source of Magento hacks, says security researcher and Magento forensics investigator Willem de Groot. “The method is straightforward: attacker uses an extension bug to hack into a Magento store. Once in, they download all of the other installed extensions. The attacker then searches the downloaded code for 0day security issues, such as POI, SQLi and XSS flaws. Once found, the attacker launches a global scan to … More → The post Most Magento shops get compromised via vulnerable extensions appeared first on Help Net Security.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/PNicxmexW1s/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Magento 3 4 106 68 28 206