Ensure your server and database are properly secured, and credentials are strong.
Improper sanitization of parameters inside the core database abstraction layer.
Once administrative access—or a loophole in an unprotected API endpoint—is established, the attacker leverages Magento's layout or template rendering blocks to execute PHP code on the host server.
What Does a GitHub Exploit PoC Look Like?
A flaw in the Mage_Core_Controller_Varien_Router_Admin class.