The Magento content management system used by thousands of online shops has received fixes for several serious vulnerabilities, including an unauthenticated SQL injection flaw that's likely to soon become a target for attackers.
[ Keep up with 8 hot cyber security trends (and 4 going cold). Give your career a boost with top security certifications: Who they're for, what they cost, and which you need. | Sign up for CSO newsletters. ]
Magento, an Adobe-owned company since 2018, released security patches for 37 security issues affecting both the commercial and open-source versions of its platform. Exploitation of the flaws can enable remote code execution, SQL injection, cross-site scripting, privilege escalation, information disclosure and spamming.
To read this article in full, please click here