Critical Magento Flaws Allow Code Execution
2020-07-29 21:22

Critical flaws in Adobe's Magento e-commerce platform - which is commonly targeted by attackers like the Magecart cybergang - could enable arbitrary code execution on affected systems.

Adobe on Tuesday released security updates for flaws affecting Magento Commerce 2 and Magento Open Source 2, versions 2.3.5-p1 and earlier.

The critical flaws include a path traversal flaw that could enable arbitrary code execution.

Another critical vulnerability is a security mitigation bypass, which could also allow arbitrary code execution.

In April, Adobe patched several critical flaws in Magento which, if exploited, could lead to arbitrary code execution or information disclosure.


News URL

https://threatpost.com/critical-magento-flaws-code-execution/157840/

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Magento | | 3 | 4 | 103 | 65 | 27 | 199 |