Security News > 2020 > July > Critical Magento Flaws Allow Code Execution
Critical flaws in Adobe's Magento e-commerce platform - which is commonly targeted by attackers like the Magecart cybergang - could enable arbitrary code execution on affected systems.
Adobe on Tuesday released security updates for flaws affecting Magento Commerce 2 and Magento Open Source 2, versions 2.3.5-p1 and earlier.
The critical flaws include a path traversal flaw that could enable arbitrary code execution.
Another critical vulnerability is a security mitigation bypass, which could also allow arbitrary code execution.
In April, Adobe patched several critical flaws in Magento which, if exploited, could lead to arbitrary code execution or information disclosure.
News URL
https://threatpost.com/critical-magento-flaws-code-execution/157840/