An unpatched vulnerability in Magento platform could be exploited by hackers to compromise fully web servers that host e-commerce sites. The vulnerability was reported by experts at the security firm DefenseCode. The issue resides in a feature that was implemented to retrieve preview images for Vimeo videos. An attacker triggering the vulnerability could remotely execute code by tricking Magento to download an.htaccess configuration file that enables. PHP execution inside the download directory and then downloading a malicious. PHP script that can work as a backdoor.”]
Source: https://securityaffairs.co/wordpress/57991/hacking/magento-hack.html

