April 5, 2024 at 07:06AM
Sansec reports active exploitation of CVE-2024-20720 in Magento, which allows attackers to inject a backdoor. Adobe patched the flaw in February 2024, but unpatched websites remain vulnerable. Threat actors exploit it by injecting XML code, using the layout parser together with the assert package to execute system commands. The backdoor is periodically reinjected, giving attackers remote code execution and enabling payment data theft. Update Magento to a patched version to protect against exploitation.
Key takeaways:
– Threat actors are exploiting a critical vulnerability (CVE-2024-20720) in Magento to inject a persistent backdoor into ecommerce websites.
– Adobe resolved the vulnerability in February 2024, but some websites are still vulnerable.
– Sansec reported that threat actors are using a crafted layout template in the database to inject XML code, allowing for persistent reinfection.
– The backdoor added by threat actors ensures persistent remote code execution via POST commands and has been used to steal payment data.
– Users are advised to update to Magento versions 2.4.6-p4, 2.4.5-p6, or 2.4.4-p7 as soon as possible and scan their websites for malware infections.
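The update advice above, turned into a version check; this is an added example, not code from Sansec or Adobe. It assumes an inventory of bare version strings such as `2.4.6-p3`; the hostnames, sample versions and function names are constructed for illustration.

```python
import re

# Fixed releases named in the advisory text above, keyed by release line:
# 2.4.6-p4, 2.4.5-p6 and 2.4.4-p7.
PATCHED = {"2.4.6": 4, "2.4.5": 6, "2.4.4": 7}
_VERSION_RE = re.compile(r"^(\d+\.\d+\.\d+)(?:-p(\d+))?$")


def parse_version(version):
    """Split '2.4.6-p3' into ('2.4.6', 3); a bare '2.4.6' has patch level 0."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Magento version: {version!r}")
    return m.group(1), int(m.group(2) or 0)


def status(version):
    """Return 'patched', 'vulnerable' or 'unlisted' for one version string."""
    line, patch = parse_version(version)
    if line not in PATCHED:
        return "unlisted"  # the page names no fixed release for this line
    # Compare patch levels as integers so that p10 sorts above p6.
    return "patched" if patch >= PATCHED[line] else "vulnerable"


def triage(inventory):
    """Map each store to a status; malformed versions are flagged, not skipped."""
    report = {}
    for store, version in inventory.items():
        try:
            report[store] = status(version)
        except ValueError:
            report[store] = "unparseable"
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "shop-a.example": "2.4.6-p3",
    "shop-b.example": "2.4.6-p4",
    "shop-c.example": "2.4.5",
    "shop-d.example": "2.4.3-p2",
    "shop-e.example": "unknown",
}

if __name__ == "__main__":
    for store, result in triage(SAMPLE).items():
        print(f"{store}: {result}")
```

A store reported as `patched` still needs the malware scan the advisory calls for, since updating does not remove a backdoor that was injected earlier.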