New RCE flaw added to Adobe Commerce, Magento security advisory

From zdnet.com

Adobe has updated its advisory on an actively-exploited critical vulnerability in the Magento and Commerce Open Source platforms to include another RCE bug.

The tech giant published revisions to the advisory on February 17. 

Adobe originally issued an out-of-band patch on February 13 to resolve CVE-2022-24086, a critical pre-auth vulnerability that can be exploited by attackers to remotely execute arbitrary code. 

Read more…