Security News > 2020 > January > Magento patches critical code execution vulnerabilities, upgrade ASAP!
Adobe-owned Magento has plugged multiple critical vulnerabilities in its eponymous content management system, the most severe of which could be exploited by attackers to achieve arbitrary code execution.
According to the newest Magento-themed security bulletin, three of the six fixed flaws are critical and three are important.
In the "Important" category are two stored cross-site scripting flaws and a path traversal vulnerability, all of which could lead to sensitive information disclosure.
Magento is one of the most popular open-source e-commerce platforms out there, but web stores running it have unfortunately become a prime - though not exclusive - target for card-skimming cybercriminals.
Vulnerabilities in the Magento core are just one vector through which attackers can gain access to online shops to insert card-skimming code into them.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/EBvq8zYCh2Y/