A flaw in Adobe Commerce can be exploited, putting many sites at risk.

The patch, originally created in September, leaked one week before the hotfix was released. The flaw has been described as an improper input validation issue leading to security feature bypass. Active exploitation of this flaw has begun, with about 250 attacks observed on Wednesday. Additionally, only 38% of stores have applied Adobe’s hotfix, meaning that 62% of the Magento stores are at risk. Adobe also warned a month ago that the flaw could lead to customer account takeover through the Commerce REST API.

Read more:

https://www.securityweek.com/exploitation-of-critical-adobe-commerce-flaw-puts-many-ecommerce-sites-at-risk/