app/etc/env.php and injecting malicious JavaScript via the REST API to harvest customer data.

Adobe stated in its advisory that no active exploitation of SessionReaper has been observed so far. However, given the history of Magento and Adobe Commerce vulnerabilities, this could change quickly.

“SessionReaper is among the most severe Magento vulnerabilities to date, comparable to Shoplift (2015), Ambionics SQLi (2019), TrojanOrder (2022), and CosmicSting (2024),” Sansec warned. “Each time, thousands of stores were compromised, sometimes within hours of disclosure.”

First seen on csoonline.com
Jump to article: www.csoonline.com/article/4055037/adobe-commerce-and-magento-users-patch-critical-sessionreaper-flaw-now.html

