PC World

Magento database tool Magmi has a zero-day vulnerability

An open-source tool for importing content into the Magento e-commerce platform, called Magmi, has a zero-day vulnerability, according to security vendor Trustwave. The directory traversal flaw is in ...
Yahoo Finance

E-Commerce Database Leader Clustrix Partners With Platinum Magento Hosting Partner ZeroLag

SAN FRANCISCO, CA--(Marketwired - Apr 14, 2015) - Clustrix, provider of the first scale-out database designed to meet the needs of large and fast growing e-commerce sites, today announced a new ...
Threat Post

Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws

Two flaws – one of them yet to be fixed – are afflicting a third-party plugin used by Magento e-commerce websites. Researchers have disclosed two flaws that could enable remote code execution attacks ...
Bleeping Computer

Magento plugin Magmi vulnerable to hijacking admin sessions

A cross-site request forgery (CSRF) vulnerability continues to be present in the Magmi plugin for Magento online stores, despite developers receiving a report from researchers that discovered it.
Threat Post

Magento Patches Critical SQL Injection and RCE Vulnerabilities

Magento patched 37 flaws Thursday, including a stored cross-site scripting (XSS) vulnerability that could have let an attacker take over a site. Magento patched 37 vulnerabilities on Thursday, ...
Bleeping Computer

Researchers Discover Self-Healing Malware That Targets Magento Stores

Dutch malware experts have found a new malware strain that targets online shops running on the Magento platform, which can self-heal using code hidden in the website's database. While this is not the ...