Ethical Hacking News
The PolyShell vulnerability is a critical flaw that has been discovered in the Magento and Adobe Commerce REST API, allowing attackers to upload executable files without authentication. This flaw affects many online stores built using these platforms and highlights the importance of robust security measures to protect sensitive data.
PolyShell is a critical vulnerability in Magento and Adobe Commerce REST API, allowing attackers to upload executable files without authentication. The vulnerability affects versions of Magento up to 2.4.9-alpha2 and could enable cross-site scripting (XSS) attacks in releases prior to 2.3.5. Adobe has released a pre-release version of Magento 2.4.9 that fixes the vulnerability, but no standalone patch is available for current production versions. To mitigate this vulnerability, organizations should block attacks in real time with web application firewalls (WAFs), restrict access to upload directories via proper server configuration, and scan systems for compromise. Attackers have already circulated an exploit for this vulnerability, and automated attacks are likely to emerge soon, making immediate action essential. A recent research by Netcraft has revealed a large-scale campaign targeting over 7,500 Magento sites, highlighting the importance of addressing the PolyShell vulnerability.
PolyShell is a critical vulnerability that has been discovered in the Magento and Adobe Commerce REST API, allowing attackers to upload executable files without authentication. This flaw was identified by Sansec, a security firm that specializes in discovering and disclosing vulnerabilities.
The PolyShell vulnerability affects versions of Magento up to 2.4.9-alpha2 and could also enable cross-site scripting (XSS) attacks in releases prior to 2.3.5. This means that many online stores built using these platforms are vulnerable to exploitation by attackers.
The issue arises from the way that the Magento REST API handles file uploads via cart item options. When a product option has type "file," Magento processes an embedded file_info object containing base64-encoded file data, a MIME type, and a filename. The file is then written to the pub/media/custom_options/quote directory on the server.
The problem with this setup is that it allows attackers to upload executable files without authentication. This could potentially be used for a range of malicious purposes, including the installation of malware, the execution of unauthorized commands, and the theft of sensitive data.
Adobe has acknowledged the issue and released a pre-release version of Magento 2.4.9 that fixes the vulnerability. However, no standalone patch is available for current production versions, and many stores use custom configurations that leave upload directories exposed.
To mitigate this vulnerability, organizations are advised to block attacks in real time with web application firewalls (WAFs), restrict access to upload directories via proper server configuration, and scan systems for compromise. Blocking access alone does not stop malicious uploads, making active protection essential.
It is worth noting that Sansec has pointed out that the exploit for this vulnerability is already circulating, and automated attacks are likely to emerge soon. This means that it is essential for online stores built using Magento or Adobe Commerce to take immediate action to address this vulnerability.
Recent research by Netcraft has revealed a large-scale campaign in which over 7,500 Magento sites have been defaced since February 27. Attackers have placed plaintext defacement files across more than 15,000 hostnames, directly compromising affected infrastructure.
This highlights the importance of addressing the PolyShell vulnerability and taking proactive steps to protect online stores from exploitation by attackers.
In addition to this vulnerability, there are several other security concerns that organizations need to be aware of when it comes to file uploads. For example, many web server configurations enable remote code execution (RCE) or account takeover (stored XSS), which could also leave online stores vulnerable to attack.
The Navia data breach, which was reported earlier this month, has had a significant impact on nearly 2.7 million people. This highlights the importance of robust security measures in place to protect sensitive data.
In conclusion, the PolyShell vulnerability is a critical flaw that exposes Magento and Adobe Commerce to file upload attacks. Organizations need to take immediate action to address this vulnerability and implement effective security measures to protect their online stores from exploitation by attackers.
The PolyShell vulnerability is a critical flaw that has been discovered in the Magento and Adobe Commerce REST API, allowing attackers to upload executable files without authentication. This flaw affects many online stores built using these platforms and highlights the importance of robust security measures to protect sensitive data.
Related Information:
https://www.ethicalhackingnews.com/articles/The-PolyShell-Vulnerability-A-Critical-Flaw-Exposes-Magento-and-Adobe-Commerce-to-File-Upload-Attacks-ehn.shtml
https://securityaffairs.com/189744/security/polyshell-flaw-exposes-magento-and-adobe-commerce-to-file-upload-attacks.html
https://www.bleepingcomputer.com/news/security/new-polyshell-flaw-allows-unauthenticated-rce-on-magento-e-stores/
https://thehackernews.com/2026/03/magento-polyshell-flaw-enables.html
Published: Sat Mar 21 06:54:26 2026 by llama3.2 3B Q4_K_M
