Vulnerabilities | Apr 8, 2026

‼️ Advanced Magento 2.x exploitation tool for unauthenticated RCE via polyglot file upload throug...

Advanced Magento 2.x RCE exploitation tool released leveraging polyglot file uploads.

Summary

A new exploitation tool has been publicly released that targets Magento 2.x instances, enabling unauthenticated remote code execution through polyglot file uploads via the REST API. The tool tests 45+ PHP extensions with multi-header support (PNG/GIF) to maximize exploitation coverage. This represents a significant security risk for Magento deployments lacking proper patching and input validation.
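
A defensive check for the pattern described above, added here as an example and not taken from the released tool or from Magento: it walks an upload directory and flags files that carry a PHP-executable extension or a PHP open tag, noting when the tag sits behind a PNG/GIF header. The extension set is an assumed illustrative subset, the function names are hypothetical, and the sample files are constructed and inert.

```python
import os
import tempfile

# Magic bytes for the two image headers the summary names (PNG and GIF).
IMAGE_MAGIC = {"png": b"\x89PNG\r\n\x1a\n", "gif": b"GIF8"}
# Assumption: illustrative subset of extensions commonly mapped to the PHP
# handler; the tool's "45+" list is not reproduced on the page.
PHP_EXTS = {"php", "phtml", "phar", "pht", "php3", "php4", "php5", "php7"}

def classify(path, max_bytes=8 * 1024 * 1024):
    """Return the reasons a stored upload looks suspicious (empty list if none)."""
    with open(path, "rb") as fh:
        data = fh.read(max_bytes)
    header = next((k for k, m in IMAGE_MAGIC.items() if data.startswith(m)), None)
    # Check every dot-separated segment so "x.php.png" is caught as well.
    segments = os.path.basename(path).lower().split(".")[1:]
    reasons = []
    if PHP_EXTS.intersection(segments):
        reasons.append("php-extension")
    # Only the long open tag is matched: "<?=" is short enough to occur by
    # chance in compressed image data.
    if b"<?php" in data.lower():
        reasons.append(f"php-tag-after-{header}-header" if header else "php-tag")
    return reasons

def scan(root):
    """Walk an upload directory and map each suspicious file to its reasons."""
    paths = (os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs)
    return {p: r for p in paths if (r := classify(p))}

def build_samples(root):
    """Write constructed, inert sample files for the demonstration."""
    samples = {
        "clean.png": IMAGE_MAGIC["png"] + b"\x00" * 32,
        "logo.png": IMAGE_MAGIC["png"] + b"<?php /* constructed marker */ ?>",
        "avatar.phtml": b"GIF89a" + b"<?php /* constructed marker */ ?>",
        "notes.txt": b"plain text",
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_samples(tmp)
        for path, reasons in sorted(scan(tmp).items()):
            print(os.path.basename(path), reasons)
```

A valid image header on a file does not make it safe to serve from a directory where the web server will hand it to the PHP interpreter, which is why the check looks at extension and content independently.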

Indicators of Compromise

  • url — https://github.com/[repository-url]

Entities

  • Magento 2.x (product)
  • Adobe (vendor)
  • REST API (technology)
  • PHP (technology)