Magento Warns E-Commerce Sites to Upgrade ASAP to Prevent Attacks
#1
Quote: The popular e-commerce platform Magento is urging web administrators to install its latest security update in order to defend against malicious attacks in the wild that could exploit a critical remote code-execution vulnerability.

The vulnerability (CVE-2019-8144), which carries a severity ranking of 10 out of 10 on the CVSS v.3 scale, could enable an unauthenticated user to insert a malicious payload into a merchant’s site through Page Builder template methods, and execute it. Page Builder allows websites to design content updates, preview them live and schedule them to be published. The bug specifically exists in the preview function.

The flaw affects Magento 2.3, and was patched in Magento Commerce 2.3.3 and with the security-only patch 2.3.2-p2, released in October. The company warned that patching will have the side effect of “blocking administrators from viewing previews for products, blocks and dynamic blocks”; but, it said it will re-enable the preview functionality as soon as possible.

“We recommend that all merchants, even those who have already upgraded to 2.3.3 or applied security-only patch 2.3.2-p2, review the security of their Magento site to confirm that it was not potentially compromised before upgrade,” Piotr Kaminski of the Magento security team wrote in a posting on Monday. “Applying this hot fix or upgrading…will help defend your store against potential attacks going forward, but will not address the effects of an earlier attack.”

Read more: https://threatpost.com/magento-warns-upg...ap/150115/