Adobe rolled out security updates to address a critical security vulnerability, tracked as CVE-2022-24086, affecting its Commerce and Magento Open Source products that is being actively exploited in the wild.
“Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants.” reads the advisory published by Adobe.
The flaw is an “improper input validation” vulnerability that could be exploited by threat actors with administrative privileges to achieve arbitrary code execution on vulnerable systems.
The CVE-2022-24086 has received a CVSS score of 9.8 out of 10, it is classified as a pre-authentication issue which means that it could be exploited without credentials.
The vulnerability affects the following versions of the products:
| Product | Version | Platform |
|---|---|---|
| Adobe Commerce | 2.4.3-p1 and earlier versions | All |
| 2.3.7-p2 and earlier versions | All | |
| Magento Open Source | 2.4.3-p1 and earlier versions | All |
| 2.3.7-p2 and earlier versions | All |
Adobe Commerce 2.3.3 and lower are not affected by this vulnerability.
Last week, researchers from cybersecurity firm Sansec uncovered a massive Magecart campaign that already compromised more than 500 online stores running the Magento 1 eCommerce platform.
Threat actors behind this campaign deployed a digital skimmer that was being loaded from the naturalfreshmall(.)com domain.
An interesting characteristic of this attack is the combination of SQL injection and PHP object injection to take over the Magento store.
Experts pointed out that Magento 1 platform has reached End-of-Life and that for this reason will no longer receive security updates.
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Magento)
[adrotate banner=”5″]
[adrotate banner=”13″]
China-linked UnsolicitedBooker used a new backdoor, MarsSnake, to target an international organization in Saudi Arabia.…
The UK’s Legal Aid Agency suffered a cyberattack in April and has now confirmed that…
Cybersecurity Observatory of the Unipegaso's malware lab published a detailed analysis of the Sarcoma ransomware.…
Mozilla addressed two critical Firefox vulnerabilities that could be potentially exploited to access sensitive data…
Japan passed a law allowing preemptive offensive cyber actions, shifting from its pacifist stance to…
James Comey is under investigation for a seashell photo showing “8647,” seen by some as…
This website uses cookies.
