Security News > 2020 > July > Critical Magento Flaws Allow Code Execution
Critical flaws in Adobe's Magento e-commerce platform - which is commonly targeted by attackers like the Magecart cybergang - could enable arbitrary code execution on affected systems.
Adobe on Tuesday released security updates for flaws affecting Magento Commerce 2 and Magento Open Source 2, versions 2.3.5-p1 and earlier.
The critical flaws include a path traversal flaw that could enable arbitrary code execution.
Another critical vulnerability is a security mitigation bypass, which could also allow arbitrary code execution.
In April Adobe patched several critical flaws in Magento, which if exploited could lead to arbitrary code execution or information disclosure.
News URL
https://threatpost.com/critical-magento-flaws-code-execution/157840/