Security News > 2024 > June > CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites
A vulnerability dubbed "CosmicSting" impacting Adobe Commerce and Magento websites remains largely unpatched nine days after the security update was made available, leaving millions of sites open to catastrophic attacks.
"CosmicSting is the worst bug to hit Magento and Adobe Commerce stores in two years," says Sansec.
Adobe Commerce Extended Support 2.4.3-ext-7 and earlier, 2.4.2-ext-7 and earlier, 2.4.1-ext-7 and earlier, 2.4.0-ext-7 and earlier, 2.3.7-p4-ext-7 and earlier.
Based on the severity and low complexity of deducing effective attack paths, Sansec estimates that CosmicSting ticks all boxes to become one of the most damaging attacks in e-commerce's history, alongside "Shoplift", "Ambionics", and "Trojan Order."