Magento Open Source Cross-Site Request Forgery vulnerability

Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery CSRF vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited...

Magento Open Source Improper Authorization vulnerability

Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor...

CVE-2024-39410

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery CSRF vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by...

CVE-2024-39405

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information...

CVE-2024-39402

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue require...

CVE-2024-39408 Adobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352)

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery CSRF vulnerability that could allow an attacker to bypass security features and perform minor integrity changeson behalf of a user. The vulnerability could be exploited by...

CVE-2024-39406

Adobe Commerce/Open Source Magento Path Traversal (CVE-2024-39406) affects versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. The issue is an Improper Limitation of a Pathname to a Restricted Directory, enabling an attacker to read arbitrary files outside the restricted path without use...

PT-2024-6003 · Adobe · Commerce +1

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-p1 through 2.4.4-p9 and earlier Magento Open Source affected versions not specified Description: The issue is related to insufficient authorization procedures in the affected software, allowing a remote attacker ...

PT-2024-6000 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier Description: The issue is related to an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage...

PT-2024-6005 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier Description: The issue is related to an Improper Neutralization of Special Elements used in an OS Command, also known as 'OS Command Injection', which could lead to...

PT-2024-6011 · Adobe · Commerce +1

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-p1 through 2.4.4-p9 and earlier Magento Open Source versions 2.4.7-p1 through 2.4.4-p9 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that could allow an attacker...