github.com/ghostwriter

Vulnerability in REST API allows attackers to upload executable files.

Unrestricted file upload: all #Magento #OpenSource and #AdobeCommerce versions up to 2.4.9-alpha2

#XSS: all versions pre-2.3.5 or custom webserver config

#RCE via #PHP upload: #nginx 2.0.0–2.2.x (via index.php filename), any non-stock version nginx passing all .php to fastcgi, #Apache pre-2.3.5 without php_flag engine 0

Patched: 2.4.9-alpha3+ (pre-release only)

https://www.bleepingcomputer.com/news/security/new-polyshell-flaw-allows-unauthenticated-rce-on-magento-e-stores/

https://sansec.io/research/magento-polyshell

#Magento2

New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores

A newly disclosed vulnerability dubbed 'PolyShell' affects all Magento Open Source and Adobe Commerce stable version 2 installations, allowing unauthenticated code execution and account takeover.

BleepingComputer
Mar 20 at 5:04pmWeb