Magento has released security updates to address vulnerabilities in Magento Commerce and Magento Open Source.
An attacker could exploit one of these vulnerabilities to take control of impacted systems.
The Adobe Magento update APSB20-59 includes fixes for nine vulnerabilities, two of them rated Critical.
The two Critical bugs patched are:
- CVE-2020-24407 – File Upload Allow List Bypass
- CVE-2020-24400 – SQL Injection
The former could result in arbitrary code execution, while the latter could result in arbitrary read or write access to the database.
In addition, Adobe patched one Moderate-rated and six Important-rated vulnerabilities.
As a reminder, the June update was the last Adobe security update offered to Magento 1 ecommerce sites.
Readers may recall that earlier this year Visa urged merchants to upgrade Magento 1 ecommerce websites to 2.x before the end of June 2020.
Finally, also check out security guidelines that assist organizations in securing Content Management Systems (CMS) in areas of patching, account management, hardening and monitoring, to name a few.