BoardsOfCanada 2 days ago

The vendor responses seem pretty strange:

> Magesolution (MGS) did not respond, but the backdoored packages can still be downloaded from their site as of Apr 30th.

> Tigren denies to have been hacked, but the backdoored packages are still available on their site as of Apr 30th.

> Meetanshi claims that their software has not been tampered with, but confirmed that their server got hacked.

  • pixl97 2 days ago

    Not that strange; unless forced by law, vendors will commonly deny all knowledge and responsibility.

xiphias2 2 days ago

These all look like some Adobe plugin (sold by Adobe store)

  • GenerocUsername 2 days ago

    Thanks. I was skimming the article but it seemed like it was missing some critical context.

McGlockenshire 2 days ago

> The $licenseFile can be controlled by the attacker using the adminUploadLicense function

This is just as likely to be an RCE as it is to be a backdoor. Calling `include` on a file the user can write to is just asking for it. This has been a known footgun for decades.
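
Added example, not part of the thread and not code from the affected extensions: the `include`-on-a-writable-file pattern described in the comment above, next to a form that reads the license as signed data and never executes it. The function names, the key, and the file layout (hex HMAC on the first line, JSON after it) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// The pattern the comment warns about (shown for contrast, never called here):
// whatever bytes are in the file are executed as PHP.
function loadLicenseUnsafe(string $licenseFile): void
{
    include $licenseFile;
}

// Hardened form: treat the license as data. Read it, verify an HMAC made
// with a server-side key, then decode JSON. Nothing in the file is executed.
function loadLicenseSafe(string $licenseFile, string $key): ?array
{
    // Cap the read at 64 KiB so an oversized upload is not loaded whole.
    $raw = @file_get_contents($licenseFile, false, null, 0, 65536);
    if ($raw === false) {
        return null;
    }
    // Assumed layout: hex MAC, newline, JSON body.
    $parts = explode("\n", $raw, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$mac, $body] = $parts;
    $expected = hash_hmac('sha256', $body, $key);
    if (!hash_equals($expected, trim($mac))) {
        return null; // tampered with, or not issued with our key
    }
    $data = json_decode($body, true);
    return is_array($data) ? $data : null;
}

// Constructed sample input: one correctly signed license, and one upload
// that contains PHP source instead of a license.
$key  = 'constructed-demo-key';
$good = tempnam(sys_get_temp_dir(), 'lic');
$bad  = tempnam(sys_get_temp_dir(), 'lic');

$body = json_encode(['customer' => 'example', 'expires' => '2030-01-01']);
file_put_contents($good, hash_hmac('sha256', $body, $key) . "\n" . $body);
file_put_contents($bad, "<?php echo 'executed'; ?>");

var_dump(loadLicenseSafe($good, $key));
var_dump(loadLicenseSafe($bad, $key));
unlink($good);
unlink($bad);
```

The safe loader returns the decoded array for the signed file and `null` for the PHP upload, which is only ever read as a string.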

blargthorwars 2 days ago

A lot of latent payloads are going to be activated ASAP before automated AI detection becomes the norm. AI ain't perfect, but it's good at this sort of thing.