Lucene search
+L

4 matches found

The Hacker News
The Hacker News
added 2024/04/06 9:43 a.m.84 views

Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites

Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 CVSS score: 9.1, which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way f...

9.1CVSS8.3AI score0.03687EPSS
Exploits0
Cvelist
Cvelist
added 2024/02/15 1:39 p.m.41 views

CVE-2024-20720 Command injection in data collector backup due to insufficient patching of CVE-2023-38208

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user...

9.1CVSS9.7AI score0.03687EPSS
Exploits0References1
CVE
CVE
added 2024/02/15 1:39 p.m.182 views

CVE-2024-20720

Adobe Commerce (Magento) OS Command Injection (CVE-2024-20720) affects 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier. The issue stems from improper neutralization of special elements used in an OS command, enabling arbitrary code execution. Exploitation is possible over the network without user intera...

9.1CVSS8.5AI score0.03687EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/15 1:39 p.m.191 views

CVE-2024-20720 Command injection in data collector backup due to insufficient patching of CVE-2023-38208

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user...

9.1CVSS7.7AI score0.03687EPSS
Exploits0References1
Rows per page
Query Builder