Critical Magento 0-Day Vulnerability Under Active Exploitation

by
janrinok
from SoylentNews on (#5W55S)

upstart writes:

Critical Magento 0-Day Vulnerability Under Active Exploitation:

Adobe on Sunday rolled out patches to contain a critical security vulnerability impacting its Commerce and Magento Open Source products that it said is being actively exploited in the wild.

Tracked as CVE-2022-24086, the shortcoming has a CVSS score of 9.8 out of 10 on the vulnerability scoring system and has been characterized as an "improper input validation" issue that could be weaponized to achieve arbitrary code execution.

It's also a pre-authenticated flaw, meaning it could be exploited without requiring any credentials. But the California-headquartered company also pointed out that the vulnerability is only exploitable by an attacker with administrative privileges.

Original Submission

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments