all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Magento flaw exploited to deploy persistent backdoor hidden in XML

Add to bookmarks
April 5, 2024, 8:41 p.m. | Pierluigi Paganini

Security Affairs securityaffairs.co

Threat actors are exploiting critical Magento vulnerability CVE-2024-20720 to install a persistent backdoor on e-stores. Sansec researchers observed threat actors are exploiting the recently disclosed Magento vulnerability CVE-2024-20720 to deploy a persistent backdoor on e-stores. The vulnerability CVE-2024-20720 (CVSS score of 9.1) is an OS Command (‘OS Command Injection’) vulnerability that could lead to arbitrary code […]

backdoor breaking news command command injection critical cve cve-2024 cvss cvss score cyber crime cybercrime deploy exploited exploiting flaw hacking hidden information security news injection install it information security magento magento vulnerability malware os command persistent pierluigi paganini researchers sansec score stores threat threat actors vulnerability xml

Visit resource

More from securityaffairs.co / Security Affairs

A flaw in the R programming language could allow code execution 2 hours ago | securityaffairs.co
arbitrary code arbitrary code execution breaking news code +22
Muddling Meerkat, a mysterious DNS Operation involving China’s Great Firewall 10 hours ago | securityaffairs.co
apt bypass china china great firewall +21
Notorious Finnish Hacker sentenced to more than six years in prison 21 hours ago | securityaffairs.co
aleksanteri kivimäki breaking news center cyber crime +17
CISA guidelines to protect critical infrastructure against AI-based threats 1 day, 1 hour ago | securityaffairs.co
agency ai ai risks analysis +27
NCSC: New UK law bans default passwords on smart devices 1 day, 11 hours ago | securityaffairs.co
april ban bans breaking news +29
The FCC imposes $200 million in fines on four US carriers for unlawfully sharing user … 1 day, 13 hours ago | securityaffairs.co
access breaking news carriers communications +19
Google prevented 2.28 million policy-violating apps from being published on Google Play in 2023 1 day, 22 hours ago | securityaffairs.co
android apps breaking news google +14
Financial Business and Consumer Solutions (FBCS) data breach impacted 2M individuals 2 days, 5 hours ago | securityaffairs.co
agency breach breaking news business +23
Cyber-Partisans hacktivists claim to have breached Belarus KGB 2 days, 9 hours ago | securityaffairs.co
access agency belarus belarus kgb +21

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

EY- GDS- Cybersecurity- Staff

@ EY | Miguel Hidalgo, MX, 11520
View on infosec-jobs.com

Staff Security Operations Engineer

@ Workiva | Ames
View on infosec-jobs.com

Public Relations Senior Account Executive (B2B Tech/Cybersecurity/Enterprise)

@ Highwire Public Relations | Los Angeles, CA
View on infosec-jobs.com

Airbus Canada - Responsable Cyber sécurité produit / Product Cyber Security Responsible

@ Airbus | Mirabel
View on infosec-jobs.com

Investigations (OSINT) Manager

@ Logically | India
View on infosec-jobs.com

Security Engineer I, Offensive Security Penetration Testing

@ Amazon.com | US, NY, Virtual Location - New York
View on infosec-jobs.com
View more jobs