
5 matches found

Prion
added 2023/10/13 7:15 a.m. · 34 views

SQL injection

Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to arbitrary code execution by an admin-privileg...

4.3 CVSS · 7.5 AI score · 0.01841 EPSS
Exploits 0 · References 1 · Affected Software 2
Prion
added 2023/10/13 7:15 a.m. · 25 views

SQL injection

Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to arbitrary code execution by an admin-privileg...

4.3 CVSS · 7.5 AI score · 0.01841 EPSS
Exploits 0 · References 1 · Affected Software 2
Cvelist
added 2023/10/13 6:15 a.m. · 19 views

CVE-2023-38218 Incorrect Authorization - Customer account takeover

Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Incorrect Authorization. An authenticated attacker can exploit this to achieve information exposure and privilege escalation...

8.8 CVSS · 8.6 AI score · 0.00692 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/10/03 12:0 a.m. · 3 views

PT-2023-5986 · Adobe · Commerce +1

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-beta1 through 2.4.4-p5

Description: The issue is related to the lack of protection of the web page structure in Magento Open Source and Adobe Commerce, allowing a remote attacker to conduct cross-site scripting...

8.7 CVSS · 7.5 AI score · 0.0152 EPSS
Exploits 0 · References 10
Snyk
added 2023/08/09 9:30 a.m. · 1 views

Command Injection

Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Command Injection via the command execution interface. An attacker can execute arbitrary code by injecting malicious commands into the system. This is only exploitable if t...

9.4 CVSS · 8.5 AI score · 0.03849 EPSS
Exploits 0 · References 2