Adobe Commerce and Magento 1 Sites at Risk: Magento Vulnerabilities Exploited

29 Mar 2022
Albert Wood

If you run a Magento or Adobe Commerce site, it’s time to take action.

A recently discovered critical security vulnerability is being actively exploited and is affecting websites running on Adobe Commerce and Magento Open Source.

The vulnerability, CVE-2022-24086, is a remote code execution flaw that allows hackers to run malicious code on vulnerable Magento Open Source and Adobe Commerce sites.

Separately, the web security company Sansec detected a mass breach of more than 500 Magento 1 websites, which exposed their customers to a credit card skimmer.

Facts about Magento 1 websites’ security

  • Adobe ended support for Magento 1 on June 30, 2020
  • Adobe no longer offers security patches for legacy Magento 1.x; the last patch was issued in April 2020.
  • The FBI warned in 2020 that a Magento plugin vulnerability was being exploited
  • Hackers take over online stores and plant a malicious script to record and steal buyers’ payment card data, an attack known as e-skimming, web skimming, or Magecart.
  • Adobe had urged its Magento 1 customers to upgrade to the latest version of Adobe Commerce after the mass breach detected by Sansec.

5 things to learn about the Magento Security Threat: CVE-2022-24086

  • Adobe rates the CVE-2022-24086 vulnerability as 9.8 out of 10, the maximum security rating possible
  • It allows attacks without authentication, or login info
  • The exploit works through improper input validation, which lets the attacker craft input in a form the rest of the application does not expect.
  • All Adobe Commerce versions, and Magento Open Source 2.4.3 p1, 2.3.7 p2, and earlier versions are at risk.
  • Adobe released an emergency patch to secure the affected Adobe Commerce and Magento Open Source versions

ioVista is an official Adobe Solutions Partner with an expert team of Magento-certified developers. Our team of experts is available at reasonable rates with a quick response time.

Don’t hesitate to contact us and apply the security patch today!

We also understand not everyone on legacy Magento 1 is a candidate to migrate to Magento 2. We help many of these companies migrate to Shopify, BigCommerce, WooCommerce, and other eCommerce platforms.

We understand our clients’ needs, vision of the future, and internal processes so that we can suggest the best platform that meets their needs today and tomorrow.

If you take security seriously or have received an insane cost to migrate from another company – connect with ioVista for a Platform Migration Consultation.


Albert Wood is an accomplished eCommerce Business Analyst. As a technology futurist and sales motivator at ioVista, Albert is dedicated to transforming struggling eCommerce businesses into thriving enterprises. With a keen focus on client’s business processes, user experience (UX), and leveraging the power of digital marketing, he helps businesses optimize their online presence and drive sustainable growth. Albert’s passion is for virtual reality (VR), augmented reality (AR), and mixed reality (MR), immersing himself in unforgettable experiences and exploring the limitless possibilities they offer. His enthusiasm for these emerging technologies fuels his drive to push the boundaries of innovation in eCommerce.
