Magento 1.9.0.0 is over 10 years old and highly insecure.
If you're looking for more information on this vulnerability, I recommend checking out: magento 1900 exploit github link
In recent years, Magento, a popular e-commerce platform, has been a frequent target for hackers and cyber attackers. One of the most significant threats to Magento users is the Magento 1.9.0.0 - 1.9.0.2 (and possibly earlier) remote code execution (RCE) exploit. This vulnerability allows attackers to execute arbitrary code on vulnerable Magento installations, potentially leading to complete control over the affected system. Magento 1
Several GitHub repositories and security advisories provide proof-of-concept (PoC) code for vulnerabilities affecting , most notably the critical "Shoplift" (SUPEE-5344) exploit. This vulnerability allows unauthenticated attackers to execute remote code and gain full administrative access to a store's database. Key Exploit Repositories for Magento 1.9 Key Exploit Repositories for Magento 1
This exploit marked a shift from random defacements to highly targeted, automated "skimming" operations. It turned the checkout page—the most sacred point of a customer’s journey—into a silent surveillance tool.