The Magento content management system used by thousands of online shops has received fixes for several serious vulnerabilities, including an unauthenticated SQL injection flaw that’s likely to soon become a target for attackers.
Magento, an Adobe-owned company since 2018, released security patches for 37 security issues affecting both the commercial and open-source versions of its platform. Exploitation of the flaws can enable remote code execution, SQL injection, cross-site scripting, privilege escalation, information disclosure and spamming.