Advisory No: TZCERT/SA/2024/05/17-2
Date of First Release: 17th May 2024
Source: GitHub
Software Affected: Magento Commerce, Magento Open Source
Overview:
Magento applications are affected by multiple critical vulnerabilities. An attacker can leverage these vulnerabilities to execute code remotely.
Description:
Magento Commerce and Magento Open Source are affected by critical vulnerabilities. Affected systems include those using sendmail as the mail transport agent and those with specific, non-default configuration settings. Remote attackers can exploit the vulnerabilities to execute code remotely in the Magento admin panel.
Impact:
Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.
Solution:
Magento has released security patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.