CVE-2024-20717

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser wh...

Adobe Commerce 资源管理错误漏洞

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. A resource management error vulnerability exists in Adobe Commerce version 2.4.6-p3 and prior to versions 2.4.5-p5 and 2.4.4-p6, which stems from the...

SQL Injection

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to SQL Injection due to improper neutralization of special elements used in an SQL command. An attacker can execute arbitrary code by injecting SQL commands without user...

SQL Injection

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to SQL Injection through the manipulation of SQL queries. An attacker can execute arbitrary code on the system by injecting malicious SQL commands into the input fields that a...

Improper Authorization

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Authorization due to improper handling of authorization checks. An attacker can bypass security features and access unauthorized data without user interaction...

SQL Injection

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to SQL Injection due to improper neutralization of special elements used in an SQL command. An attacker can execute arbitrary code by injecting SQL commands without user...