Payments News


Serious Magento Bug Will Likely Be Exploited in the Wild by Card Skimmers

“A critical vulnerability in the Magento e-commerce platform is putting as many as 300,000 commerce sites at risk of card-skimming infections until they install a recently released patch. PRODSECBUG-2198 is a SQL injection vulnerability that attackers can exploit with no authentication required. Hackers could exploit the flaw to take administrative control of administrator accounts, assuming the hackers can download user names and password hashes and crack the hashes. From there, attackers could install the backdoors or skimming code of their choice. A researcher at Web security firm Sucuri said Thursday that company researchers reverse-engineered an official patch released Tuesday and successfully created a working proof of concept exploit.”