Security News > 2024 > June > CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites

CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites
2024-06-20 20:02

A vulnerability dubbed "CosmicSting" impacting Adobe Commerce and Magento websites remains largely unpatched nine days after the security update has been made available, leaving millions of sites open to catastrophic attacks.

"CosmicSting is the worst bug to hit Magento and Adobe Commerce stores in two years," says Sansec.

Adobe Commerce Extended Support 2.4.3-ext-7 and earlier, 2.4.2-ext-7 and earlier, 2.4.1-ext-7 and earlier, 2.4.0-ext-7 and earlier, 2.3.7-p4-ext-7 and earlier.

Based on the severity and low complexity of deducing effective attack paths, Sansec estimates that CosmicSting ticks all boxes to become one of the most damaging attacks in e-commerce's history, alongside "Shoplift", "Ambionics", and "Trojan Order."

PHP fixes critical RCE flaw impacting all versions for Windows.

Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw.


News URL

https://www.bleepingcomputer.com/news/security/cosmicsting-flaw-impacts-75-percent-of-adobe-commerce-magento-sites/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Adobe 166 68 2143 934 2114 5259
Magento 3 52 119 27 11 209