Adobe patches Magento vulnerabilities

Adobe patches Magento vulnerabilities

Adobe has released security updates that fix multiple vulnerabilities in Magento Commerce and Open Source editions.

Magento, an Adobe company, is one of the most popular open-source e-commerce platforms and is written in PHP.

In all, Adobe fixed six Magento vulnerabilities – three of them rated critical and three moderate severity.

One of the patches address a SQL injection vulnerability CVE-2020-3719 that could result in sensitive data disclosure.

In addition, Adobe also patched a critical deserialization of untrusted data vulnerability CVE-2020-3716 and security bypass vulnerability CVE-2020-3718. An attacker could exploit each of these bugs and execute arbitrary code.

Adobe recommends users update to the latest Magento versions. See more details in the Adobe advisory APSB20-02.