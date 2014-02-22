Stories
Slash Boxes
Comments

SoylentNews is people

Critical Magento 0-Day Vulnerability Under Active Exploitation

posted by janrinok on Tuesday February 15, @06:13AM   Printer-friendly [Skip to comment(s)]
Security News

upstart writes:

Critical Magento 0-Day Vulnerability Under Active Exploitation:

Adobe on Sunday rolled out patches to contain a critical security vulnerability impacting its Commerce and Magento Open Source products that it said is being actively exploited in the wild.

Tracked as CVE-2022-24086, the shortcoming has a CVSS score of 9.8 out of 10 on the vulnerability scoring system and has been characterized as an "improper input validation" issue that could be weaponized to achieve arbitrary code execution.

It's also a pre-authenticated flaw, meaning it could be exploited without requiring any credentials. But the California-headquartered company also pointed out that the vulnerability is only exploitable by an attacker with administrative privileges.

Original Submission


«  Intel's Alder Lake-N Atom SoCs Will Have Up to 8 Cores
Critical Magento 0-Day Vulnerability Under Active Exploitation | Log In/Create an Account | Top | 2 comments | Search Discussion
Display Options Threshold/Breakthrough Reply to Article Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)

  • (Score: -1, Troll) by Anonymous Coward on Tuesday February 15, @06:42AM

    by Anonymous Coward on Tuesday February 15, @06:42AM (#1221625)

    As if I would rely on SoylentNews, that cannot even do anything about Ethanol_fueled and Runaway1956. You think anyone would take this place seriously for security vulnerabilities? Ban the Runaway. Quash the Eth. These are the Path to true Soylentilism. It is the Way.

  • (Score: 0) by Anonymous Coward on Tuesday February 15, @07:30AM

    by Anonymous Coward on Tuesday February 15, @07:30AM (#1221630)

    Since they are obviously too stupid to provide a modern Linux port, there's no patching to be done on my systems.

(1)