Adobe has released security updates that fix multiple vulnerabilities in Magento Commerce and Open Source editions.
Magento, an Adobe company, is one of the most popular open-source e-commerce platforms and is written in PHP.
In all, Adobe fixed six Magento vulnerabilities – three of them rated critical and three moderate severity.
One of the patches address a SQL injection vulnerability CVE-2020-3719 that could result in sensitive data disclosure.
In addition, Adobe also patched a critical deserialization of untrusted data vulnerability CVE-2020-3716 and security bypass vulnerability CVE-2020-3718. An attacker could exploit each of these bugs and execute arbitrary code.
Adobe recommends users update to the latest Magento versions. See more details in the Adobe advisory APSB20-02.