Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites
2024-04-06 09:43
Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way for arbitrary code execution. It was addressed by the company as part of
News URL
https://thehackernews.com/2024/04/hackers-exploit-magento-bug-to-steal.html
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-15 | CVE-2024-20720 | OS Command Injection vulnerability in Adobe Commerce 2.4.4/2.4.5/2.4.6. Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker. | 9.1 |