Multiple Critical Vulnerabilities in Magento

Published: May 17, 2024 14:14

Advisory No: TZCERT/SA/2024/05/17-2

Source: GitHub

Software Affected: Magento Commerce, Magento Open Source

Overview

Magento applications are affected by multiple critical vulnerabilities. An attacker can leverage these vulnerabilities to execute code remotely.

Description

Magento Commerce and Magento Open Source are affected by critical vulnerabilities. Affected systems include those using sendmail as the mail transport agent and those with specific, non-default configuration settings. Remote attackers can exploit the vulnerabilities to execute code remotely in the Magento admin panel.

Impact

Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.

Solution

Magento has released security patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.
