Adobe Magento Open Source / Commerce versions 2.4.7 < 2.4.7-p1, 2.4.6 < 2.4.6-p6, 2.4.5 < 2.4.5-p8, 2.4.4 < 2.4.4-p9 and earlier suffer from an XML External Entity (XXE) vulnerability. By exploiting this vulnerability and crafting a malicious XML document, a remote and unauthenticated attacker could achieve Remote Code Execution (RCE) on the vulnerable Magento instance.
No source data