‘HIGH RISK’ ZERO DAY LEAVES 200,000 MAGENTO MERCHANTS VULNERABLE

KNOWLEDGE BELONGS TO THE WORLD
Share on FacebookTweet about this on TwitterShare on LinkedInShare on RedditShare on Google+Share on TumblrPin on PinterestDigg this

A popular version of the open source Magento ecommerce platform is vulnerable to a zero-day remote code execution vulnerability, putting as many as 200,000 online retailers at risk. The warning comes from security firm DefenseCode, which found and originally reported the vulnerability to Magento in November.

“During the security audit of Magento Community Edition, a high risk vulnerability was discovered that could lead to remote code execution and thus the complete system compromise including the database containing sensitive customer information such as stored credit card numbers and other payment information,” DefenseCode wrote in a technical description of its discovery (PDF) posted Wednesday.

KNOWLEDGE BELONGS TO THE WORLD
Share on FacebookTweet about this on TwitterShare on LinkedInShare on RedditShare on Google+Share on TumblrPin on PinterestDigg this