Sansec security researchers report Magento flaw actively exploited by hackers
Take action: If you are using Adobe Magento, patch ASAP and scan for exploits and backdoors. The hackers are actively attacking it, so don't delay.
Cybersecurity experts at Sansec warn that a critical vulnerability in Magento, a popular e-commerce platform, is being actively exploited by cybercriminals.
The vulnerability, tracked as CVE-2024-20720 (CVSS score 9.1), is an operating system command injection flaw that allows for the execution of arbitrary code without any need for user interaction. Adobe, the parent company of Magento, addressed this issue in February 2024 through its scheduled Tuesday Patch updates, r
Despite available fixes, a significant number of e-commerce sites have not applied the updates and are at risk of being compromised.
The ongoing attacks have seen the addition of a backdoor to the CMS controller generated automatically by Magento. This backdoor ensures its own persistence on the compromised server and facilitates remote code execution through POST commands.
One of the malicious uses of this backdoor is to inject a counterfeit Stripe payment skimmer into e-commerce websites, aiming to steal payment information from unsuspecting customers.
Magento users are strongly urged to update their installations to the latest secure versions, specifically Magento versions 2.4.6-p4, 2.4.5-p6, or 2.4.4-p7. Additionally, website administrators should conduct thorough scans of their sites to detect and remove any instances of malware that may have been implanted as a result of this security breach.