Critical Magento Holes Open Online Shops to Code Execution
2020-10-15 20:59

Two critical flaws in Magento - Adobe's e-commerce platform that is commonly targeted by attackers like the Magecart threat group - could enable arbitrary code execution on affected systems.

Retail is set to boom in the coming months - between this week's Amazon Prime Day and November's Black Friday - which puts pressure on Adobe to rapidly patch up any holes in the popular Magento open-source platform, which powers many online shops.

The company on Thursday disclosed two critical flaws, six important-rated errors and one moderate-severity vulnerability plaguing both Magento Commerce and Magento Open Source.

Specifically affected are Magento Commerce, versions 2.3.5-p1 and earlier and 2.4.0 and earlier; as well as Magento Open Source, versions 2.3.5-p1 and earlier and 2.4.0 and earlier.

Adobe has issued patches in Magento Commerce and Magento Open Source versions 2.4.1 and 2.3.6, and "recommends users update their installation to the newest version."


News URL

https://threatpost.com/critical-magento-holes-online-shops-code-execution/160181/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Magento 3 4 103 65 27 199