Start a Project

Client Login

menu menu

All Categories

Adobe Commerce, E-Commerce, Magento, News

Magento 2 Vulnerability: Surge in Hacking on Unpatched Stores

27 Sep 2022

Mike Patel

Cybercriminals and Hacking Groups are Back at it.

The researchers at Sansec have warned of a surge in hacking attempts on Magento 2 sites. A critical Magento 2 vulnerability tracked as CVE-2022-24086 enables unauthenticated attackers to execute code on unpatched Magento sites.

Magento, a popular open-source eCommerce platform by Adobe, is used by thousands of e-stores worldwide. Sansec researchers have alerted the merchants of a hacking campaign exploiting the CVE-2022-24086 Magento 2 vulnerability.

In February 2022, Adobe released security updates to address this flaw affecting Adobe Commerce and Magento open-source products; at the time, the company confirmed it was actively exploited.

“Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants.” Adobe advisory was published.

The CVE-2022-24086 has received a CVSS score of 9.8 out of 10, and it is classified as a pre-authentication issue meaning it could be exploited without credentials.

The vulnerability affects the below versions of the Adobe products:

Vulnerability Affects Image

The Three Variants of Attack

Three attack variants are exploiting CVE-2022-24086 to inject a Remote Access Trojan (RAT) on vulnerable endpoints.

The first variant – initiates by creating a new customer account on the target platform through a malicious template code in the first and last names and placing an order later.

The injected code then decodes to command and downloads a Linux executable (“223sam.jpg”), launched in the background as a process. This RAT phones to a Bulgaria-based server to receive commands.

“This attack method defeats some of the security features of the Adobe Commerce Cloud platform, such as a read-only code base and restricted PHP execution under pub/media,” explains Sansec in the report.

“The RAT has full access to the database and the running PHP processes,… and can be injected on any of the nodes in a multi-server cluster environment.”

The second attack injects a PHP backdoor (“health_check.php”) through a template code in the VAT field of the placed order.

This code creates a new file (“pub/media/health_check.php”), accepting the commands via POST requests.

The third attack employs template code that executes to replace “generated/code/Magento/Framework/App/FrontController/Interceptor.php” with a malicious, backdoor version.

The Sansec team of researchers has urged Magento 2 site administrators to stick to the security guidelines on the Adobe Commerce and Magento open-source support page. As an Adobe Solutions partner, ioVista suggests you upgrade your Magento or Adobe Commerce to the latest version.

Mike Patel

Mike Patel is the Founder and CEO of ioVista, a leading digital commerce agency specializing in eCommerce solutions. With a strong background in business and technology, Mike Patel has been at the forefront of driving digital transformations for businesses. He has successfully navigated the ever-changing landscape of eCommerce, helping companies leverage the power of online platforms to grow their brand, increase revenues, and optimize their digital presence. Under his leadership, ioVista has become a trusted partner with major technology companies: Adobe/Magento, Google, BigCommerce, Shopify, and Yahoo. He is dedicated to staying ahead of industry trends, adopting cutting-edge technologies, and continuously improving strategies to provide clients with a competitive edge. Mike’s commitment to excellence and client satisfaction is evident in every project ioVista undertakes.

Magento 2 Vulnerability: Surge in Hacking on Unpatched Stores

Cybercriminals and Hacking Groups are Back at it.

Get in Touch

Popular Posts

Let’s work together to create outstanding digital experiences.