Adobe Patches 9 Vulnerabilities in Magento

2020-10-20 08:33

Adobe last week patched a total of nine vulnerabilities in its Magento e-commerce platform, including two critical issues.

The vulnerabilities rated critical have been described as a "File upload allow list bypass" that can lead to arbitrary code execution, and an SQL injection flaw that can provide an attacker read or write access to the targeted store's database.

The remaining important-severity vulnerabilities can allow an attacker to modify customer lists, access restricted resources, and modify CMS pages.

A total of six researchers have been credited by Adobe for reporting these vulnerabilities.

The patches are included in versions 2.4.1 and 2.3.6 of Magento Commerce and Open Source.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/Df9gdTGz72U/adobe-patches-9-vulnerabilities-magento

#adobe #magento #vulnerabilities

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Adobe		166	68	2143	934	2114	5259
Magento		3	52	119	27	11	209

News URL

Related news

Related vendor