Sansec disclosed a critical flaw in the Magento and Adobe Commerce REST API that allows attackers to upload executable files without authentication. The issue affects versions up to 2.4.9-alpha2 and could also enable XSS in releases prior to 2.3.5, exposing many online stores to compromise.
“A new vulnerability in the Magento and Adobe Commerce REST API allows attackers to upload executable files ...
