New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores

Summary

A newly disclosed vulnerability, named 'PolyShell', affects all stable versions of Magento Open Source and Adobe Commerce. It allows unauthenticated attackers to execute arbitrary code remotely (RCE) and potentially take over user accounts on e-commerce stores running these platforms.

IFF Assessment

FOE

The PolyShell vulnerability enables unauthenticated remote code execution and account takeover, posing a significant threat to e-commerce platforms and their users.

Severity

9.8 Critical (AI Estimated)

Defender Context

Defenders should prioritize patching or mitigating this vulnerability on all Magento installations immediately. Attackers can leverage PolyShell for widespread compromise of e-commerce platforms, leading to data theft and service disruption.
