Critical Magento SQL Injection Vulnerability Discovered – Patch Your Sites (Mar 29, 2019)
Magento released new versions of its e-commerce platform to address 37 security vulnerabilities. Most of them can only be exploited by authenticated users, but one allows SQL injection by an unauthenticated remote threat actor. The vulnerability, tracked by Magento as "PRODSECBUG-2198", could allow a threat actor to read sensitive information from the databases of vulnerable e-commerce sites, including administrative sessions and password hashes. The affected versions are Magento Open Source prior to 220.127.116.11, Magento Commerce prior to 18.104.22.168, Magento Commerce 2.1 prior to 2.1.17, Magento Commerce 2.2 prior to 2.2.8, and Magento Commerce 2.3 prior to 2.3.1.
Recommendation: It is crucial to apply the security patch immediately to prevent exploitation by threat actors. Additionally, your company should have policies in place to review and automatically apply security updates for the software it uses, so that known vulnerabilities are closed before threat actors can exploit them.