Magento Vulnerability - Critical 'PolyShell' Exploit Disclosed
Basically, there's a serious flaw in Magento that lets hackers run harmful code on stores.
A critical vulnerability named 'PolyShell' has been found in Magento stores. This flaw allows hackers to execute malicious code, threatening online retailers. Immediate action is needed to protect sensitive data and maintain security.
The Flaw
A newly discovered vulnerability, dubbed 'PolyShell', has put all stable versions of Magento Open Source and Adobe Commerce at risk. This flaw allows unauthenticated code execution, which means attackers can run malicious code without needing any credentials. The issue arises from how Magento's REST API handles file uploads for custom product options. When a product option is set to type 'file', the API processes a file_info object containing base64-encoded data. This creates an opportunity for attackers to upload a malicious polyglot file, which can function as both an image and a script.
The exploit targets the server's pub/media/custom_options/quote/ directory. Depending on the server's configuration, this can lead to remote code execution or an account takeover via stored cross-site scripting (XSS). This critical vulnerability poses a significant threat to online retailers, who rely on Magento for their eCommerce platforms.
What's at Risk
The PolyShell vulnerability affects all stable versions of Magento, which means that a vast number of online stores could be compromised. Retailers using these platforms are particularly vulnerable, as the flaw allows hackers to gain control over their systems. This could lead to unauthorized access to sensitive customer data, financial information, and potentially catastrophic damage to the store's reputation.
Security experts from eCommerce security firm Sansec have raised alarms, indicating that exploit methods are already circulating in the wild. They predict that automated attacks leveraging this vulnerability are imminent, which could lead to widespread exploitation across Magento-powered stores.
Patch Status
Adobe has acknowledged the issue and has released a fix in an alpha version of Magento 2.4.9. However, this fix is not yet available for production versions, leaving many stores still vulnerable. Until a stable patch is released, store administrators must take immediate action to protect their systems. This includes restricting access to the custom options upload directory and verifying web server configurations to mitigate the risk of exploitation.
Immediate Actions
To safeguard against the PolyShell exploit, Magento store owners should implement the following measures:
- Restrict access to the custom options upload directory to prevent unauthorized file uploads.
- Verify web server configurations to ensure they are not susceptible to remote code execution.
- Conduct regular malware scans to identify and remove any existing threats.
- Stay updated with Adobe's announcements regarding the release of a permanent patch for production versions.
Taking these steps can help protect online retailers from the potential fallout of this critical vulnerability until a more permanent solution is available.
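As a starting point for the malware-scan step, the following added example (not code from Adobe, Sansec or the original article) walks the custom options upload directory and flags files that carry a script-capable extension or a script marker, including ones hidden behind an image header. The marker list, extension list and function names are assumptions chosen for illustration, and every hit needs manual review.

```python
import os
import sys
import tempfile

IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")
SCRIPT_MARKERS = (b"<?php", b"<script")  # longer markers keep false positives low
RISKY_EXTENSIONS = {"php", "phtml", "phar", "html", "htm", "svg"}


def scan_upload_dir(root):
    """Return sorted (relative_path, reason) pairs for files that need review."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            has_script = any(m in data.lower() for m in SCRIPT_MARKERS)
            # Check every dot-separated part so "x.php.jpg" is caught too.
            risky_ext = RISKY_EXTENSIONS & set(name.lower().split(".")[1:])
            if risky_ext:
                reason = "risky extension"
            elif has_script and data.startswith(IMAGE_MAGIC):
                reason = "image header with script marker (polyglot)"
            elif has_script:
                reason = "script marker in upload"
            else:
                continue
            findings.append((os.path.relpath(path, root).replace(os.sep, "/"), reason))
    return sorted(findings)


def demo():
    """Scan a temporary tree of constructed sample files; return the findings."""
    samples = {  # constructed, inert samples: the markers are never executed
        "a/b/photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
        "a/b/poly.gif": b"GIF89a" + b"\x00" * 8 + b"<?php /* marker only */ ?>",
        "c/d/note.phtml": b"plain text",
        "c/d/readme.txt": b"<ScRiPt>/* marker only */</script>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, content in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(content)
        return scan_upload_dir(root)


if __name__ == "__main__":
    # Usage: python scan.py /path/to/magento/pub/media/custom_options/quote
    for rel, reason in (scan_upload_dir(sys.argv[1]) if len(sys.argv) > 1 else demo()):
        print(f"{reason}: {rel}")
```

Run without arguments it scans the constructed samples; pass the store's pub/media/custom_options/quote path to scan real uploads.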
SC Media