Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover
"The vulnerability has been codenamed PolyShell by Sansec owing to the fact that the attack hinges on disguising malicious code as an image. There is no evidence that the shortcoming has been exploited in the wild."
"Depending on the web server configuration, the flaw can enable remote code execution via PHP upload or account takeover via stored XSS."
"While Adobe provides a sample web server configuration that would largely limit the fallout, the majority of stores use a custom configuration from their hosting provider."
"Blocking access does not block uploads, so people will still be able to upload malicious code if you aren't using a specialized WAF [Web Application Firewall]."
Sansec warns of a critical vulnerability in Magento's REST API, codenamed PolyShell, allowing unauthorized file uploads disguised as images. This flaw affects all Magento Open Source and Adobe Commerce versions up to 2.4.9-alpha2. The issue arises from the API's handling of file uploads in custom cart options, potentially enabling remote code execution or account takeover. Adobe has addressed the issue in a pre-release but not in current production versions. E-commerce stores are advised to restrict access to the upload directory and implement security measures to mitigate risks.
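An added example, not code from Sansec, Adobe or The Hacker News: a defender-side sweep of an upload directory for files that pair an image header with PHP or script markers, the disguise described above. The directory to scan, the marker list and the extension list are assumptions to adapt to the store's own layout and web server configuration.

```python
# Added example: function names, marker list and extension list are assumptions.
import re
import tempfile
from pathlib import Path

# Magic bytes of common image types; a disguised upload starts with one of these.
IMAGE_MAGIC = (b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff", b"GIF87a", b"GIF89a")
# Code markers a genuine raster image should not contain. "<?=" is three bytes
# and can occur by chance in large binaries, so treat hits as leads to review.
CODE_MARKERS = re.compile(rb"<\?php|<\?=|<script\b", re.I)
# Assumption: extensions a misconfigured PHP handler may execute.
EXEC_EXT = (".php", ".phtml", ".phar")


def inspect_file(path):
    """Return the findings for one file; an empty list means nothing flagged."""
    data = path.read_bytes()
    name = path.name.lower()
    findings = []
    # Catches both "x.php" and double extensions such as "x.php.png".
    if name.endswith(EXEC_EXT) or any(ext + "." in name for ext in EXEC_EXT):
        findings.append("php-extension-in-name")
    if CODE_MARKERS.search(data):
        is_image = data.startswith(IMAGE_MAGIC)
        findings.append("image-header-with-code" if is_image else "code-marker")
    return findings


def scan_upload_dir(root):
    """Map relative path -> findings for every flagged file under root."""
    root = Path(root)
    report = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        hits = inspect_file(path)
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report


def demo():
    """Scan three constructed files: a clean GIF and two suspicious uploads."""
    samples = {
        "clean.gif": b"GIF89a" + b"\x00" * 32,
        "logo.gif": b"GIF89a" + b"\x00" * 8 + b"<?php /* constructed marker */ ?>",
        "banner.php.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
    }
    with tempfile.TemporaryDirectory() as root:
        for fname, body in samples.items():
            Path(root, fname).write_bytes(body)
        return scan_upload_dir(root)
```

Point scan_upload_dir at the store's upload directory; a hit is a lead for manual review, not proof of compromise.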
Read at The Hacker News