
The vulnerabilities rated critical have been described as a “file upload allow list bypass” that can lead to arbitrary code execution, and an SQL injection flaw that can provide an attacker read or write access to the targeted store’s database. However, exploitation of these vulnerabilities requires admin privileges, which means they need to be chained with other weaknesses.
Six of the security holes plugged last week have been rated important, including improper authorization, insufficient user session invalidation, and stored cross-site scripting (XSS) issues.