Friday, May 23, 2025
HomeComputer SecurityCritical Magento Vulnerability Let Unauthenticated Attackers to Execute Code

Critical Magento Vulnerability Let Unauthenticated Attackers to Execute Code

Published on

SIEM as a Service

Follow Us on Google News

Sansec Threat Research Team noticed a surge in Magento 2 template attacks. This critical template vulnerability in Magento 2 tracked as (CVE-2022-24086) is increasing among eCommerce cyber criminals. The vulnerability allows unauthenticated attackers to execute code on unpatched sites.

Magento is a popular, Adobe-owned open-source e-commerce platform that powers many online shops. More than 150,000 online stores have been created on the platform. As of April 2021, Magento holds a 2.32% market share in global e-commerce platforms.

Critical Magento Vulnerability

Adobe patched this Magento 2 Vulnerability (CVE-2022-24086) in February 2022; later on the security researchers have created exploit code for the vulnerability that opens a way to mass exploitation. 

- Advertisement - Google News

Sansec researchers shared findings of 3 template hacks. The report says the observed attacks have been interactive; since the Magento checkout flow is very hard to automate. It starts with the creation of a new customer account and an order placement, which may result in a failed payment.

https://www.bleepstatic.com/images/news/u/1220909/Code%20and%20Details/part-of-inj-code.png
Part of the Injected Template Code

Experts say, this downloads a Linux executable called 223sam(.)jpg and launches it as a background process.

“It is actually a Remote Access Trojan (RAT). While it remains in memory, it creates a state file and polls a remote server hosted in Bulgaria for commands”, Sansec

Researchers pointed out that RAT has full access to the database and the running PHP processes. Also, RAT can be injected on any of the nodes in a multi-server cluster environment.

Another variation of this attack is the attempted injection of a health_check.php backdoor. It creates a new file accepting commands via the POST parameter:

Malicious PHP file

A third attack variation has this template code, which replaces generated/code/Magento/Framework/App/FrontController/Interceptor.php. This malware is then executed on every Magento page request.

PHP eval Backdoor Created

Therefore, experts recommend the Magento 2 site administrators to upgrade their software to the latest version.

Download Free SWG – Secure Web Filtering – E-book

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

EU Targets Stark Industries in Cyberattack Sanctions Crackdown

The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats,...

Venice.ai’s Unrestricted Access Sparks Concerns Over AI-Driven Cyber Threats

Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself...

GenAI Assistant DIANNA Uncovers New Obfuscated Malware

Deep Instinct’s GenAI-powered assistant, DIANNA, has identified a sophisticated new malware strain dubbed BypassERWDirectSyscallShellcodeLoader. This...

Hackers Expose 184 Million User Passwords via Open Directory

A major cybersecurity incident has come to light after researcher Jeremiah Fowler discovered a...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

CISA Alerts on Threat Actors Targeting Commvault Azure App to Steal Secrets

On May 22, 2025, Commvault, a leading enterprise data backup provider, issued an urgent...

PoC Code Published for Linux nftables Security Vulnerability

Security researchers have published proof-of-concept (PoC) exploit code for CVE-2024-26809, a high-severity double-free vulnerability in...

Cisco IOS XE Vulnerability Allows Attackers to Gain Elevated Privileges

Cisco has issued an urgent security advisory (ID: cisco-sa-iosxe-privesc-su7scvdp) following the discovery of multiple...