更新: 2933 个文件 - 2026-03-18 11:36:11

08-threat-intel/registry/triage/magento-open-source--4bd674a1cf.json

@@ -0,0 +1,12 @@
+{
+  "canonical_id": "magento-open-source--4bd674a1cf",
+  "system_id": "magento-open-source",
+  "title": "Magento PolyShell: unrestricted file upload in Magento and Adobe Commerce   2026-03-17  A new vulnerability in the Magento and Adobe Commerce REST API allows attackers to upload executable files to any store. Adobe fixed the issue in a pre-release version but has not backported the patch. Many stores run web server configurations that enable either remote code execution (RCE) or acc...   skimming   magento   adobe-commerce   rce   +3",
+  "reasons": [
+    "missing affected/fixed version details"
+  ],
+  "candidate_count": 1,
+  "references": [
+    "https://sansec.io/research/magento-polyshell"
+  ]
+}