Critical Vulnerability Found in Adobe Commerce – Update Now!

CVSS v3.1: 9.1

Adobe Commerce, previously known as Magento, is an open-source e-commerce platform used by many online stores. Researchers have discovered a serious vulnerability in older versions of Adobe Commerce that could allow hackers to take control of stores without any user interaction.

The vulnerability, tracked as CVE-2024-20720, is an OS command injection flaw: special elements used in operating system commands are not properly sanitized. This could enable an attacker to execute arbitrary code on the server simply by sending crafted requests to the store. Since no user interaction is needed, an attacker could compromise stores running vulnerable versions in an automated fashion.

Once an attacker gains remote code execution, they would have full access to the server. They could then steal customer data, install malware, or use the store’s resources for other malicious purposes. The vulnerability has been given a CVSS score of 9.1 out of 10, meaning it is considered highly critical.

Adobe Commerce versions 2.4.6-p3 and earlier are affected. Store owners using these versions should update immediately to patch this vulnerability. Applying security updates as soon as possible is important to prevent hackers from taking advantage of known issues. Users should also check that any stores they visit have the latest versions installed. Taking basic steps like updating software helps significantly reduce cyber risk for online businesses and their customers.
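
As an added example (not Adobe's code and not part of the original article), the Python script below checks installed versions against the "2.4.6-p3 and earlier" range stated above. It assumes version strings of the form `x.y.z` or `x.y.z-pN`, treats the article's statement as a single upper bound, and uses a constructed inventory with made-up store names.

```python
import re

# Upper bound of the affected range, as stated in the article.
LAST_AFFECTED = "2.4.6-p3"

# Accepts "2.4.6" or "2.4.6-p3"; anything else (betas, typos) is rejected.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?$")


def parse_version(text):
    """Turn '2.4.6-p3' into a sortable tuple (2, 4, 6, 1, 3).

    The '-pN' suffix marks a patch release that comes AFTER the base
    version, so it must not be ordered like a semver pre-release, and N
    must be compared as a number ('p10' is newer than 'p3').
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, p_level = m.groups()
    has_patch = 0 if p_level is None else 1
    return (int(major), int(minor), int(patch), has_patch, int(p_level or 0))


def is_affected(installed, last_affected=LAST_AFFECTED):
    """True when the installed version is at or below the stated bound."""
    return parse_version(installed) <= parse_version(last_affected)


def triage(inventory):
    """Map each store to 'UPDATE', 'ok' or 'CHECK MANUALLY' (fail closed)."""
    verdicts = {}
    for store, version in inventory.items():
        try:
            verdicts[store] = "UPDATE" if is_affected(version) else "ok"
        except ValueError:
            # Unknown format: never report it as safe.
            verdicts[store] = "CHECK MANUALLY"
    return verdicts


# Constructed sample inventory; store names and versions are made up.
SAMPLE_INVENTORY = {
    "shop-eu": "2.4.6", "shop-us": "2.4.6-p3", "shop-uk": "2.4.6-p10",
    "shop-jp": "2.4.7", "shop-old": "2.4.5-p1", "shop-test": "2.4.7-beta1",
}

if __name__ == "__main__":
    for store, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{store:10} {SAMPLE_INVENTORY[store]:12} {verdict}")
```

A plain string comparison or a strict semver library would rank `2.4.6-p10` below `2.4.6-p3`, or `2.4.6-p3` below `2.4.6`, which is why the suffix is parsed explicitly here.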