Cybersecurity researchers revealed that 5% of all Adobe Commerce and Magento stores are compromised due to a critical vulnerability, CosmicSting, since its exploitation began.
The critical flaw, tracked as CVE-2024-34102, pertains to an improper restriction concerning XML external entity references, allowing for potential remote code execution.
Sansec described CosmicSting as the worst bug affecting Magento and Adobe Commerce in two years, with attacks occurring at a rate of three to five per hour.
Applying the latest fixes alone won't suffice; site owners must also rotate encryption keys to protect against attacks leveraging the vulnerability.
Collection
[
|
...
]