The Magento e-commerce platform could soon face a number of attacks after hackers publicly released code that exploits a critical vulnerability in its systems. The flaw could be used to plant payment card skimmers on sites that have not yet been updated.
PRODSECBUG-2198 is the name of the SQL injection vulnerability that attackers can exploit without the need for authentication.
Any hacker who can obtain user names and crack the password hashes protecting these credentials could theoretically exploit the flaw to take control of administrator accounts. Upon gaining access, they could then install backdoors or any skimming code they choose.
Source: Tech Radar