Magento “PolyShell” flaw lets attackers upload files without logging in, raising RCE and takeover risks

A newly disclosed Magento flaw called PolyShell can let unauthenticated attackers upload files through the platform’s REST API, creating a serious risk for Adobe Commerce and Magento Open Source stores. Security firm Sansec says the bug affects all Magento Open Source and Adobe Commerce versions up to 2.4.9-alpha2, while Adobe’s March bulletin shows fixes shipping […] The post Magento “PolyShell” flaw lets attackers upload files without logging in, raising RCE and takeover risks appeared first on VPN Central.