Critical Magento Holes Open Online Shops to Code Execution

2020-10-15 20:59

Two critical flaws in Magento - Adobe's e-commerce platform that is commonly targeted by attackers like the Magecart threat group - could enable arbitrary code execution on affected systems.

Retail is set to boom in the coming months - between this week's Amazon Prime Day and November's Black Friday - which puts pressure on Adobe to rapidly patch up any holes in the popular Magento open-source platform, which powers many online shops.

The company on Thursday disclosed two critical flaws, six important-rated errors and one moderate-severity vulnerability plaguing both Magento Commerce and Magento Open Source.

Specifically affected are Magento Commerce, versions 2.3.5-p1 and earlier and 2.4.0 and earlier; as well as Magento Open Source, versions 2.3.5-p1 and earlier and 2.4.0 and earlier.

Adobe has issued patches in Magento Commerce and Magento Open Source versions 2.4.1 and 2.3.6, and "Recommends users update their installation to the newest version."

News URL

https://threatpost.com/critical-magento-holes-online-shops-code-execution/160181/

#codeexecution #critical #magento #online

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Magento		3	4	106	68	28	206

News URL

Related news

Related vendor