Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites.
The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of « improper neutralization of special elements » that could pave the way for arbitrary code execution.
It was addressed by the company as part of