Threat Actor Mimo Targets Magento and Docker to Deploy Crypto Miners and Proxyware

The threat actor behind the exploitation of vulnerable Craft Content Management System CMS instances has shifted its tactics to target Magento CMS and misconfigured Docker instances. The activity has been attributed to a threat actor tracked as Mimo aka Hezb, which has a long history of leveragin...

Magento CMS CVE-2019-8144 Remote Code Execution Vulnerability

Description Magento CMS is prone to a remote code-execution vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition. Magento version 2.3 prior to...

Magento CMS Admin Panel HTML Injection Vulnerability

Magento CMS is the United States Magento company's set of open source PHP e-commerce content management system CMS. An HTML injection vulnerability exists in Magento CMS. An attacker can exploit the vulnerability to execute arbitrary script code on the browsers of affected website users, steal...

Magento CMS Video Upload Feature Remote Code Execution Vulnerability

Magento CMS is the United States Magento company's set of open source PHP e-commerce content management system CMS. A remote code execution vulnerability exists in the Magento CMS video upload feature. An attacker can exploit the vulnerability to execute arbitrary code in the affected application...

Magento CMS Email Alerts Remote Code Execution Vulnerability

Magento CMS is the United States Magento company's set of open source PHP e-commerce content management system CMS. A remote code execution vulnerability exists in the Magento CMS email alerts feature. An attacker can exploit the vulnerability to execute arbitrary code in the affected application...

Magento CMS 'RetrieveImage.php' Arbitrary File Upload Vulnerability

Magento CMS is an open source PHP e-commerce content management system CMS of the United States Magento company . The system provides rights management , search engine and payment gateway and other functions . Magento CMS has an arbitrary file upload vulnerability. An attacker can use this...

Magento CMS Invitations Feature HTML Injection Vulnerability

Magento CMS is the United States Magento company's set of open source PHP e-commerce content management system CMS. An HTML injection vulnerability exists in Magento CMS due to failure to adequately filter user input data. An attacker could exploit this vulnerability to execute arbitrary script...

Magento CMS Categories Management Cross-Site Scripting Vulnerability

Magento CMS is the United States Magento company's set of open source PHP e-commerce content management system CMS. A cross-site scripting vulnerability exists in Magento CMS due to failure to adequately filter user input data. An attacker could exploit this vulnerability by executing arbitrary...

Magento CMS Admin Dashboard Remote Code Execution Vulnerability

Magento CMS is the United States Magento company's set of open source PHP e-commerce content management system CMS. A remote code execution vulnerability exists in Magento CMS. An attacker can exploit this vulnerability to execute arbitrary code in the context of an affected application...

Magento CMS Flash File Upload Cross-Site Scripting Vulnerability

Magento CMS is an open source PHP e-commerce content management system CMS of the United States Magento company . The system provides rights management , search engine and payment gateway and other functions . An upload cross-site scripting vulnerability exists in Magento CMS Flash files, which c...