By 2020, Adobe (which acquired Magento) officially . This means no more security patches. Zero. None.
Here is the hard truth: Installing a third-party security patch (like from Mageplaza or OpenMage) might block known exploits, but GitHub repos update daily with zero-day bypasses. magento 1.9.0.0 exploit github
Versions 1.9.4.5 and earlier are vulnerable to object injection, which can also lead to arbitrary code execution. GitHub Security Resources By 2020, Adobe (which acquired Magento) officially
This is the big one. The Shoplift vulnerability (addressed in later patches) allowed an attacker to execute arbitrary code via the RSS and checkout/cart controllers. On GitHub, you will find Python scripts that: GitHub Security Resources This is the big one
The Magento 1.9.0.0 exploit was publicly disclosed on GitHub, a popular platform for developers to share and collaborate on code. The disclosure included a proof-of-concept (PoC) exploit, which demonstrated the vulnerability and provided a clear example of how to exploit it.