4 matches found
Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites
Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 CVSS score: 9.1, which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way f...
CVE-2024-20720 Command injection in data collector backup due to insufficient patching of CVE-2023-38208
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user...
CVE-2024-20720
Adobe Commerce (Magento) OS Command Injection (CVE-2024-20720) affects 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier. The issue stems from improper neutralization of special elements used in an OS command, enabling arbitrary code execution. Exploitation is possible over the network without user intera...
CVE-2024-20720 Command injection in data collector backup due to insufficient patching of CVE-2023-38208
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user...