Critical vulnerability in Magento e-commerce platform

Magento, an open e-commerce platform that holds about 10% of the market for systems used to build online stores, has been found to contain a critical vulnerability (CVE-2022-24086) that allows code to be executed on the server by sending a specific request without authentication. The vulnerability has been assigned a severity level of 9.8 out of 10.

The problem is caused by incorrect validation of user-supplied parameters in the order processing handler. Details of how the vulnerability is exploited have not yet been disclosed; the fix comes down to stripping characters from the request parameters with a regular expression.

The vulnerability affects releases from 2.3.3-p1 to 2.3.7-p2 and from 2.4.0 to 2.4.3-p1 inclusive. The fix is available in the form of a patch (new releases containing the fix have not yet been published). Magento users are urged to install the patch immediately, since isolated cases of the vulnerability being used to attack online stores have already been recorded.
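The following added example (not part of the original report and not Magento's own code) triages an inventory of stores against the affected release ranges quoted above. The host names and the inventory are constructed, and the comparison assumes version strings of the form X.Y.Z or X.Y.Z-pN.

```python
import re

# Affected ranges as stated in the article (inclusive on both ends).
AFFECTED_RANGES = [("2.3.3-p1", "2.3.7-p2"), ("2.4.0", "2.4.3-p1")]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Turn '2.4.3-p1' into (2, 4, 3, 1); a release without -pN gets level 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Magento version: {text!r}")
    major, minor, micro, plevel = m.groups()
    return (int(major), int(minor), int(micro), int(plevel or 0))


def in_affected_range(version):
    """True if the version falls inside one of the ranges from the article."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def triage(inventory):
    """inventory maps host -> reported version.

    Returns (hosts in an affected range, hosts whose version could not be
    parsed). Unparseable versions are reported rather than silently skipped.
    """
    needs_check, unknown = [], []
    for host, version in sorted(inventory.items()):
        try:
            if in_affected_range(version):
                needs_check.append(host)
        except ValueError:
            unknown.append(host)
    return needs_check, unknown


# Constructed sample inventory (hypothetical hosts).
SAMPLE_INVENTORY = {
    "shop-a.example": "2.4.3-p1",
    "shop-b.example": "2.3.3",
    "shop-c.example": "2.3.5",
    "shop-d.example": "2.4.x-dev",
}

if __name__ == "__main__":
    affected, unparsed = triage(SAMPLE_INVENTORY)
    print("verify patch is applied on:", affected)
    print("version not recognised on:", unparsed)
```

Because the fix ships as a patch rather than a new release, a patched store still reports a version inside the range, so a match here means "confirm the patch is installed", not "unpatched".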

/Media reports.