Magento 2 Issues

Accrete
Administrator
Posts: 1786
Joined: Fri Nov 08, 2019 12:44 am
Answers: 1
Reputation: 987
Location: Canada
Has thanked: 22 times
Been thanked: 113 times
Contact:

Magento 2 Issues

Post by Accrete »

If you are a Magento 2 user you should bookmark this thread to follow it. Issues we find and members contribute regarding Magento 2 will be/should be posted to this thread so we keep them all together, making them easier to find.

Here is the first one since starting this thread.

Critical Flaws in Magento e-Commerce Platform Allow Code-Execution
Admins are encouraged to update their websites to stave off attacks from Magecart card-skimmers and others.


Critical vulnerabilities in Adobe’s Magento e-commerce platform – a favorite target of the Magecart cybergang – could lead to arbitrary code execution.

Adobe issued patches on Tuesday as part of its overall release of the Magento 2.3.4 upgrade, giving the fixes a “priority 2” rating. In Adobe parlance, priority 2 means that administrators should apply the updates within 30 days.

Out of the flaws, Adobe has fixed three that it rates as critical in severity, meaning that successful exploits could “allow malicious native code to execute, potentially without a user being aware.”
Continued: Critical Flaws in Magento e-Commerce Platform Allow Code-Execution
January 29, 2020
Yours truly,
Accrete Web Solutions

SEO troubleshooting and review services available. - Pm me.


Re: Magento 2 Issues

Post by Accrete »

If you are using Magento you will need to check this patch has been applied to your installation of Magento:
Adobe has released patches for critical and important-severity flaws in its popular Magento e-commerce platform.

Critical flaws in Adobe’s Magento e-commerce platform – which is commonly targeted by attackers like the Magecart cybergang – could enable arbitrary code execution on affected systems.

Magento is a popular, Adobe-owned open-source e-commerce platform that powers many online shops. Adobe on Tuesday released security updates for flaws affecting Magento Commerce 2 and Magento Open Source 2, versions 2.3.5-p1 and earlier. These included two critical vulnerabilities and two important-severity flaws...
Report continued at: Critical Magento Flaws Allow Code Execution
July 29, 2020

Re: Magento 2 Issues

Post by Accrete »

If you are using Magento you will want to read this and fix your site as necessary:
The Magento 1 EOL date has already passed, however it’s evident that a large number of websites will continue to use it for the foreseeable future. Unfortunately, attackers are also aware that many websites are straggling with their Magento migrations and post-compromise tools have been created to support deployment for both Magento 1.x and 2.x versions, making it easier for them to exploit a larger number of sites.

Malicious Forbidden Activity

During a recent investigation, our team came across a tool aptly named Forbidden. It allows an attacker to quickly perform a number of malicious functions including adding an admin user, modifying existing users, viewing orders, dumping the website’s configuration data, and removing itself once the attacker is finished with it.
Continued: Magento Multiversion (1.x/2.x) Backdoor
August 26, 2020

Magmi Plugin Flaws

Post by Accrete »

If you are using Magento Mass Import on your Magento site you need to read this:
Two flaws – one of them yet to be fixed – are afflicting a third-party plugin used by Magento e-commerce websites.

Researchers have disclosed two flaws that could enable remote code execution attacks on the Magento Mass Import (Magmi) plugin, an open source database client that imports data into Magento.
Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws

Magento PHP Injection

Post by Accrete »

If you are using Magento for your ecommerce site you should check this out:
A Magento website owner was concerned about malware and reached out to our team for assistance. Upon investigation, we found the website contained a PHP injection in one of the Magento files...
Magento PHP Injection Loads JavaScript Skimmer
January 21, 2021