Magento has released security updates to address vulnerabilities in Magento Commerce 2 (formerly known as Magento Enterprise Edition) and Magento Open Source 2 (formerly known as Magento Community Edition).
An attacker could exploit one of these vulnerabilities to take control of impacted systems.
The Adobe Magento update APSB20-47 includes fixes for two Critical vulnerabilities and two Moderate vulnerabilities.
The following two Critical vulnerabilities could result in arbitrary code execution:
- CVE-2020-9689: Path Traversal
- CVE-2020-9692: Security Mitigation Bypass

It is also important to note that each of these vulnerabilities is exploitable without user credentials.
As a reminder, last month’s (June) update was the last Adobe security update offered to Magento 1 ecommerce sites.
Readers may recall that earlier this year Visa urged merchants to upgrade Magento 1 ecommerce websites to 2.x before the end of June 2020.