The Latest in IT Security

Unpatched vulnerability exposes Magento online shops to hacking

14
Apr
2017
Unpatched vulnerability exposes Magento online shops to hacking

unpatched-vulnerability-exposes-magento-online-shops-to-hacking

An unpatched vulnerability in the Magento e-commerce platform could allow hackers to upload and execute malicious code on web servers that host online shops.

The flaw was discovered by researchers from security consultancy DefenseCode and is located in a feature that retrieves preview images for videos hosted on Vimeo. Such videos can be added to product listings in Magento.

The DefenseCode researchers determined that if the image URL points to a different file, for example a PHP script, Magento will download the file in order to validate it.

Read More

Leave a reply


Categories

FRIDAY, JUNE 23, 2017

Featured

Archives

Latest Comments

Social Networks