7 matches found

Positive Technologies
added 2025/02/11 12:0 a.m. · 2 views

PT-2025-6370 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-beta1 through 2.4.7-p3; Adobe Commerce versions 2.4.6-p8; Adobe Commerce versions 2.4.5-p10; Adobe Commerce versions 2.4.4-p11 and earlier. Description: The issue is related to an Improper Access Control vulnerabilit...

CVSS 8.8 · AI score 6.8 · EPSS 0.0015
Exploits 0 · References 11
Positive Technologies
added 2025/02/11 12:0 a.m. · 2 views

PT-2025-6362 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. Description: The issue is related to an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker...

CVSS 8.1 · AI score 6.6 · EPSS 0.00191
Exploits 0 · References 6
OSV
added 2023/10/13 7:15 a.m. · 22 views

CVE-2023-38218

Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Incorrect Authorization. An authenticated attacker can exploit this to achieve information exposure and privilege escalation...

CVSS 8.8 · AI score 6.6
Exploits 0 · References 1
Prion
added 2023/10/13 7:15 a.m. · 34 views

SQL injection

Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability that could lead to arbitrary code execution by an admin-privileg...

CVSS 4.3 · AI score 7.5 · EPSS 0.01841
Exploits 0 · References 1 · Affected Software 2
Prion
added 2023/10/13 7:15 a.m. · 25 views

SQL injection

Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability that could lead to arbitrary code execution by an admin-privileg...

CVSS 4.3 · AI score 7.5 · EPSS 0.01841
Exploits 0 · References 1 · Affected Software 2
Cvelist
added 2023/10/13 6:15 a.m. · 19 views

CVE-2023-38218 Incorrect Authorization - Customer account takeover

Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Incorrect Authorization. An authenticated attacker can exploit this to achieve information exposure and privilege escalation...

CVSS 8.8 · AI score 8.6 · EPSS 0.00692
Exploits 0 · References 1
Positive Technologies
added 2023/10/03 12:0 a.m. · 3 views

PT-2023-5986 · Adobe · Commerce +1

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-beta1 through 2.4.4-p5. Description: The issue is related to the lack of protection of the web page structure in Magento Open Source and Adobe Commerce, allowing a remote attacker to conduct cross-site scripting...

CVSS 8.7 · AI score 7.5 · EPSS 0.0152
Exploits 0 · References 10