6 matches found

Github Security Blog
added 2024/06/13 9:31 a.m. · 24 views

Magento Open Source Improper Access Control vulnerability

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of...

CVSS 9.8 · AI score 6.7 · EPSS 0.00729
Exploits: 0 · References: 7 · Affected Software: 1

Vulnrichment
added 2024/06/13 9:4 a.m. · 24 views

CVE-2024-34104 Adobe Commerce | Improper Authorization (CWE-285)

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both...

CVSS 8.2 · AI score 8.1 · EPSS 0.00617
Exploits: 0 · References: 1

ATTACKERKB
added 2024/06/13 12:0 a.m. · 609 views

CVE-2024-34102

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...

CVSS 9.8 · AI score 9.4 · EPSS 0.94171
In wild · Exploits: 38 · References: 3

Positive Technologies
added 2024/06/11 12:0 a.m. · 2 views

PT-2024-4485 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier
Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read and potentially result in arbitrary co...

CVSS 8.8 · AI score 7.7 · EPSS 0.00759
Exploits: 0 · References: 13

Positive Technologies
added 2024/06/11 12:0 a.m. · 3 views

PT-2024-4177 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier
Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, which could result in arbitrary code execution. A high-privilege attacker could...

CVSS 9 · AI score 7.3 · EPSS 0.05662
Exploits: 0 · References: 7

Snyk
added 2024/04/10 3:30 p.m. · 1 views

Improper Input Validation

Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Input Validation due to improper input validation. An attacker can execute arbitrary code in the context of the current user by sending specially crafted input to...

CVSS 9.5 · AI score 7.6 · EPSS 0.02201
Exploits: 0 · References: 2