Input validation

2022-08-1621:15:00

PRIOn knowledge base

www.prio-n.com

adobe commerce

xml injection

widgets module

remote code execution

exploitation

7.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.0%

JSON

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. Exploitation of this issue does not require user interaction.

CPENameOperatorVersion
commerceeq2.3.7 p1
commerceeq2.4.3 p1
commerceeq2.4.3
commerceeq2.3.7 p2
commerceeq2.4.4
commerceeq2.4.3 p2
commerceeq2.3.7
commercege2.4.0
commercelt2.4.3
commerceeq2.3.7 p3

Name	Operator	Version
commerce	eq	2.3.7 p1
commerce	eq	2.4.3 p1
commerce	eq	2.4.3
commerce	eq	2.3.7 p2
commerce	eq	2.4.4
commerce	eq	2.4.3 p2
commerce	eq	2.3.7
commerce	ge	2.4.0
commerce	lt	2.4.3
commerce	eq	2.3.7 p3