Sansec

**Name of the Vulnerable Software and Affected Versions** Amasty Order Attributes for Magento 2 versions prior to 4.0.0 **Description** An unauthenticated arbitrary file upload issue allows attackers to write files of any type or name to the store's media directory. This occurs because the upload endpoint lacks authentication, session validation, and cart context. This can lead to remote code execution if the media directory permits PHP execution. Additionally, it enables malware hosting, stored cross-site scripting (XSS)—where malicious scripts are permanently stored on the server—via HTML or SVG uploads, and path traversal to write files outside the intended directory. **Recommendations** Update to version 4.0.0 or later.

**Name of the Vulnerable Software and Affected Versions** Mirasvit Full Page Cache Warmer for Magento 2 versions prior to 1.11.12 **Description** A PHP object injection issue exists due to the unrestricted use of the native `unserialize()` function. Unauthenticated attackers can achieve remote code execution by providing a crafted serialized PHP object within the `CacheWarmer` cookie, leveraging gadget chains available in Magento and its dependencies. This flaw has been actively exploited in the wild to deploy web shells and create administrative accounts, affecting thousands of Adobe Commerce storefronts. **Recommendations** Update to version 1.11.12 or later. As a temporary mitigation, restrict or monitor the use of the `CacheWarmer` cookie to minimize the risk of exploitation.