Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

Sansec is warning of a critical security flaw in Magento’s REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover.
The vulnerability has been codenamed PolyShell by Sansec owing to the fact that the attack hinges on disguising malicious code as an image. There is no evidence that the shortcoming has been exploited in

Source

What's Hot

The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks

The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks

DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks

Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

Malicious Nx Packages in ‘s1ngularity’ Attack Leaked 2,349 GitHub, Cloud, and AI Credentials

Near-ultrasonic attacks on voice assistants

Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

Our Picks

Don’t let “back to school” become “back to bullying”

Common Apple Pay scams, and how to stay safe

What parents should know to protect their children from doxxing

Subscribe to Updates

What's Hot

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

Related Posts

Subscribe to Updates