The zero-day remote code-execution (RCE) interference on the Magento 2 and Adobe Commerce platforms has been severely exploited in the wild, says Adobe – prompting an emergency evacuation over the weekend.
The security risk violator (CVE-2022-24086) is a sensitive issue, allowing for pre-RCE verification from incorrect input validation. It scores 9.8 out of 10 on the CVSS risk rating, but there is one limiting factor: The attacker will need to have administrative rights to be successful.
It affects 2.3.7-p2 versions and earlier and 2.4.3-p1 and earlier for both eCommerce platforms, subject to advice.
Read More: https://threatpost.com/adobe-zero-day-magento-rce-attack/178407/
