Adobe's e-commerce platform Magento is a well-known target for attackers such as the Magecart threat group. Against that background, Magento has released updates for Magento Commerce and Magento Open Source. These updates resolve vulnerabilities rated important and critical. Successful exploitation could lead to arbitrary code execution.
In Adobe Security Bulletin APSB20-59, Adobe says the 2 critical flaws (CVE-2020-24407 and CVE-2020-24400), a file upload allow list bypass and an SQL injection, could allow arbitrary code execution as well as read or write access to the database. The bulletin also covers 6 important-rated errors and one moderate-severity vulnerability, all affecting both Magento Commerce and Magento Open Source. For more information, see the vulnerability details that follow.
Vulnerability details
Affected Versions
The vulnerabilities impact Magento Commerce, versions 2.3.5-p1 and earlier and 2.4.0 and earlier, as well as Magento Open Source, versions 2.3.5-p1 and earlier and 2.4.0 and earlier. For more information, check below.
Update Release
To address these issues in affected versions, Adobe Magento has released updates for Magento Commerce and Magento Open Source. Adobe categorizes these updates with the following priority ratings.
Get Your Magento Store Updates
Adobe recommends users update their installation to the newest version. So, go and get your Magento store updates. If you are looking for a Magento agency to apply these security updates in your Magento store then feel free to CONTACT US.