One Article Review
| Source |  Network World |
|---|---|
| Identifiant | 356593 |
| Date de publication | 2017-04-13 14:15:00 (vue: 2017-04-13 14:15:00) |
| Titre | Unpatched vulnerability exposes Magento online shops to hacking |
| Texte | An unpatched vulnerability in the Magento e-commerce platform could allow hackers to upload and execute malicious code on web servers that host online shops.The flaw was discovered by researchers from security consultancy DefenseCode and is located in a feature that retrieves preview images for videos hosted on Vimeo. Such videos can be added to product listings in Magento.The DefenseCode researchers determined that if the image URL points to a different file, for example a PHP script, Magento will download the file in order to validate it. If the file is not an image, the platform will return a "Disallowed file type" error, but won't actually remove it from the server.To read this article in full or to leave a comment, please click here |
| Envoyé | Oui |
| Condensat | actually added allow article but can click code comment commerce consultancy could defensecode determined different disallowed discovered download error example execute exposes feature file flaw from full hackers hacking here host hosted image images leave listings located magento malicious not online order php platform please points preview product read remove researchers retrieves return script security server servers shops such type unpatched upload url validate videos vimeo vulnerability web will won |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.