Critical Vulnerability in Magento E-commerce Platform Puts As Many As 300,000 Commerce Sites At Risk

It has been reported that a critical vulnerability in the Magento e-commerce platform is putting as many as 300,000 commerce sites at risk of card-skimming infections until they install a recently released patch.

Magento is reportedly used on over 15 million eCommerce sites. With the proliferation of attacks like Magecart, vulnerabilities like this in Magento can become a serious security risk very quickly.

Satnam Narang, Senior Research Engineer at Tenable:

“Earlier this week, Magento published a security update to address over 30 vulnerabilities in Magento Open Source and Commerce. Most notable in this release is a patch for PRODSECBUG-2198, an unauthenticated SQL injection vulnerability that can lead to remote code execution. Magento states that Open Source versions prior to 1.9.41 and Magento Commerce versions prior to 1.14.4.1, 2.1.17, 2.2.8 and 2.3.1 are affected by PRODSECBUG-2198.   

“While there is no proof of concept code or exploit scripts available for this bug yet, due to the relative ease of exploitation, Magento site owners should upgrade to these patched versions as soon as possible. Magento e-commerce websites have been a popular target for cybercriminals for years, so the existence of an unauthenticated remote code execution bug certainly won’t go unnoticed.” 

  

 

 
