Hi all
I recently had an order come through where code had been inserted into the customer first name and second name.
This code was:
{{var this.getTemplateFilter().filter(foobar)}}{{var this.getTemplateFilter().addAfterFilterCallback(system).filter(cd${IFS%??}/
Is this an attempted attack?
What validation does Magento 2.4.3 CE provide to block code injection?
Thank you
Andy
Hi @Andy_Acute
It may be an attack. Make sure that your website is fully patched. Please follow
Security Best Practices Guide also read
https://developer.adobe.com/commerce/php/architecture/basics/security/
If you are using a custom template for the registration page make sure you are validating and sanitizing the input variables.
You can scan your website using Magento Security scanner.
Thanks
Hi @Andy_Acute
This vulnerability CVE-2022-24086 has been patched. You should apply the patch mentioned on this page https://helpx.adobe.com/security/products/magento/apsb22-12.html
This will fix the problem for you.
Thanks
Hello, I had this same problem earlier this year. I was able to block the IP address & upgraded to 2.4.4. However, today I got an order/confirmation using the same information. The billing address information is fake. The shipping customer name information is:
{{var this.getTemplateFilter().filter($order.shipping_address.city)}}{{var this.getTemplateFilter().addAfterFilterCallback($order.shipping_address.last_name).filter($order.shipping_address.city)}} system
I also have custom dependent options & they were able to somehow select options that aren't available based on previous options chosen. Any ideas what could be done about it?
Thanks in advance for any help.
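As an added example (not Magento code and not from any poster in this thread), a small check that flags order name/address fields carrying the kind of `{{var ...}}` template-directive chain quoted in the two posts above, including the two-field variant where one field holds the callback chain and the last name is just `system`. Field names and sample orders are assumptions constructed for the example.

```python
import re

# Added example, not Magento code: flag order name/address fields that carry
# Magento template-directive syntax before they reach any email template.

# Opening of a directive such as {{var ...}} or {{depend ...}}.
DIRECTIVE_RE = re.compile(r"\{\{\s*[a-z]+\b", re.IGNORECASE)
# Fragments of the specific chain reported in the thread.
CHAIN_TOKENS = ("getTemplateFilter", "addAfterFilterCallback", "${IFS")
# Bare PHP callable names: harmless alone, but the second reported order fed
# a last_name of just "system" into addAfterFilterCallback(...) from another field.
CALLBACK_NAMES = {"system", "exec", "shell_exec", "passthru", "popen"}
FIELDS = ("firstname", "lastname", "company", "street", "city")


def find_injection_indicators(order: dict) -> dict:
    """Return {field: [reasons]} for each field that looks like a template
    injection attempt; an empty dict means nothing was flagged."""
    values = {f: str(order.get(f, "")) for f in FIELDS}
    findings = {}
    for field, value in values.items():
        reasons = []
        if DIRECTIVE_RE.search(value):
            reasons.append("template directive {{...}}")
        reasons += [f"token {t!r}" for t in CHAIN_TOKENS if t in value]
        if reasons:
            findings[field] = reasons
    # Cross-field check: a callback chain in one field plus a bare callable
    # name in another is the two-part pattern from the thread.
    if any("addAfterFilterCallback" in v for v in values.values()):
        for field, value in values.items():
            if value.strip().lower() in CALLBACK_NAMES:
                findings.setdefault(field, []).append("bare callable name")
    return findings


# Constructed sample orders (names and cities invented for this example).
CLEAN_ORDER = {"firstname": "Andy", "lastname": "Smith", "city": "Leeds"}
INJECTED_ORDER = {  # the string pattern quoted in the first post
    "firstname": "{{var this.getTemplateFilter().filter(foobar)}}",
    "lastname": "{{var this.getTemplateFilter().addAfterFilterCallback(system)"
                ".filter(cd${IFS%??}/",
    "city": "Leeds",
}
CROSS_FIELD_ORDER = {  # the pattern quoted in the later post
    "firstname": "{{var this.getTemplateFilter().addAfterFilterCallback("
                 "$order.shipping_address.last_name).filter(x)}}",
    "lastname": "system",
    "city": "Leeds",
}
```

Running the check at checkout or as a nightly query over recent orders gives an alert on these patterns without relying on the email template itself being patched.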
Thank you Mukesh
I followed the patch installation instructions and all went well.
I also confirmed the patches installed by comparing the files and could see the changes.
Many thanks again for your advice and help.
Andy
Hi Mukesh
Running the Magento Security Scanner I see that there is another patch APSB22-38 alert.
https://helpx.adobe.com/uk/security/products/magento/apsb22-38.html
I can't see how I download and install this.
Any advice?
Thank you
Andy
Hi @Andy_Acute
Please read the following article https://community.magento.com/t5/Magento-DevBlog/Introducing-the-New-Security-Patch-Release/ba-p/141... for information about the security-only patch.
Hi Mukesh
Thanks again for your advice.
So reading through the contents of that link, am I right in saying that the latest security patch APSB22-38 is not yet available for the Magento 2.4.3 Open Source version, but will be in a couple of weeks?
If that is correct, how do we get notified of its availability for Open Source?
Also, the method of Magento versions, functionality and security patches seems overly complex, confusing and convoluted as many other users have expressed.
Thank you again
Andy
Hi Mukesh
I'm still not clear on how to apply this patch APSB22-38
Anyone else used this patch?
Thank you
Andy
So I found the correct method of upgrading to Magento 2.4.3-p3
I followed this advice but swapped out the require command to 2.4.3-p3
https://www.mageplaza.com/devdocs/upgrade-magento-2.html
Don't forget to back up your code and database.
In all, I used:
composer require magento/product-community-edition 2.4.3-p3 --no-update
rm -rf var/view_preprocessed pub/static/frontend
rm -rf var/generation
php -dmemory_limit=3G bin/magento setup:upgrade
php -dmemory_limit=4G bin/magento setup:di:compile
php bin/magento indexer:reindex
php bin/magento cache:flush
php bin/magento cache:clean
I hope this helps.
Andy