#adobecommerce — Public Fediverse posts

Vulnerability in REST API allows attackers to upload executable files.

Unrestricted file upload: all #Magento #OpenSource and #AdobeCommerce versions up to 2.4.9-alpha2

#XSS: all versions pre-2.3.5 or custom webserver config

#RCE via #PHP upload: #nginx 2.0.0–2.2.x (via index.php filename), any non-stock version nginx passing all .php to fastcgi, #Apache pre-2.3.5 without php_flag engine 0

Patched: 2.4.9-alpha3+ (pre-release only)

https://www.bleepingcomputer.com/news/security/new-polyshell-flaw-allows-unauthenticated-rce-on-magento-e-stores/

https://sansec.io/research/magento-polyshell

#Magento2

#Adobe-#Patchday: Schadcodeschmuggel in Reader, Illustrator und weiteren möglich | Security https://www.heise.de/news/Adobe-Patchday-Schadcodeschmuggel-in-Reader-Illustrator-und-weiteren-moeglich-11206633.html #CrossSiteScripting #XSS #MagentoOpenSource #AdobeCommerce

Angreifer attackieren kritische Lücke in #AdobeCommerce und #Magento | Security https://www.heise.de/news/Angreifer-attackieren-kritische-Luecke-in-Adobe-Commerce-und-Magento-10845752.html #SessionReaper #Adobe #AdobeMagento #Patchday

SessionReaper Exploits Erupt as Magento Sites Lag on Patching https://thecyberexpress.com/sessionreaper-exploits-erupt/ #SessionReaperExploitation #ExploitedVulnerabilities #VulnerabilitiesPatching #ThreatIntelligence #VulnerabilityNews #Vulnerabilities #CyberEssentials #FirewallDaily #AdobeCommerce #SessionReaper #CyberNews #Magento

A dangerous flaw in Adobe Commerce lets hackers hijack customer sessions with zero effort—and 60% of Magento stores are still unpatched. Is your business vulnerable?

https://thedefendopsdiaries.com/understanding-and-responding-to-the-sessionreaper-vulnerability-in-adobe-commerce/

#sessionreaper
#adobecommerce
#magento
#cve202554236
#ecommercesecurity

🚨 Critical Magento & Adobe Commerce Flaw (CVE-2025-54236 – SessionReaper) 🚨

Impact: Customer account takeover + unauthenticated remote code execution (CVSS 9.1 Critical).

👉 Full details and action steps: https://hostvix.com/sessionreaper-critical-magento-adobe-commerce-vulnerability-cve-2025-54236/

#Magento #AdobeCommerce #SessionReaper #CVE202554236 #CVE #Infosec #CyberSecurity #AppSec #WebSecurity #SecOps #BlueTeam #RedTeam #ThreatIntel #Vulnerability #PatchNow #ZeroDay #Exploit #EcommerceSecurity #DataSecurity #SecurityUpdate

Adobe Issues Urgent Patch for ‘SessionReaper’ Vulnerability in Commerce and Magento https://thecyberexpress.com/adobe-commerce-flaw-cve-2025-54236/ #TheCyberExpressNews #Vulnerabilities #TheCyberExpress #FirewallDaily #AdobeCommerce #SessionReaper #CVE202554236 #CyberNews #Magento

Adobe Commerce is under threat—a new flaw, SessionReaper, lets hackers hijack live sessions like an open front door. Learn why immediate patching is crucial to keep your eCommerce safe.

https://thedefendopsdiaries.com/understanding-and-mitigating-the-sessionreaper-vulnerability-in-adobe-commerce/

#sessionreaper
#adobecommerce
#magento
#cybersecurity
#vulnerability

#Adobe-#Patchday: Neun Produkte mit Sicherheitslücken | Security https://www.heise.de/news/Adobe-Patchday-Neun-Produkte-mit-Sicherheitsluecken-9974474.html #AdobeLightroom #AdobeInDesign #AdobeFrameMaker #AdobeCommerce #AdobeMagento #AdobeAnimate #AdobeSubstance3DStager #AdobeSubstance3DPainter #AdobeDimension #AdobeInCopy #Lightroom #InDesign #FrameMaker #Commerce #Magento #Animate #Substance3DStager #Substance3DPainter #Dimension #InCopy

Adobe Security Alert: Update Software Now to Protect Against Exploits https://thecyberexpress.com/adobe-security-update/ #AdobeSecurityUpdate #TheCyberExpressNews #MagentoOpenSource #Vulnerabilities #TheCyberExpress #FirewallDaily #AdobeCommerce #Vulnerability #CVE202420787 #CyberNews #Magento