Critical Magento Flaws Allow Code Execution

2020-07-29 21:22

Critical flaws in Adobe's Magento e-commerce platform - which is commonly targeted by attackers like the Magecart cybergang - could enable arbitrary code execution on affected systems.

Adobe on Tuesday released security updates for flaws affecting Magento Commerce 2 and Magento Open Source 2, versions 2.3.5-p1 and earlier.

The critical flaws include a path traversal flaw that could enable arbitrary code execution.

Another critical vulnerability is a security mitigation bypass, which could also allow arbitrary code execution.

In April Adobe patched several critical flaws in Magento, which if exploited could lead to arbitrary code execution or information disclosure.

News URL

https://threatpost.com/critical-magento-flaws-code-execution/157840/

#codeexecution #critical #magento

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Magento		3	52	119	27	11	209

News URL

Related news

Related vendor