Lucene search
K

4 matches found

NVD
NVD
added 2023/08/09 8:15 a.m.31 views

CVE-2023-38207

Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by a XML Injection aka Blind XPath Injection vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction...

7.5CVSS7.6AI score0.00828EPSS
Exploits0References1
OSV
OSV
added 2023/08/09 7:41 a.m.6 views

CVE-2023-38207 Adobe Commerce XML Injection (aka Blind XPath Injection) Arbitrary file system read

Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by a XML Injection aka Blind XPath Injection vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction...

7.5CVSS7.2AI score0.00828EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/08/09 7:41 a.m.9 views

CVE-2023-38207 Adobe Commerce XML Injection (aka Blind XPath Injection) Arbitrary file system read

Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by a XML Injection aka Blind XPath Injection vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction...

7.5CVSS7.6AI score0.00828EPSS
Exploits0References1
CVE
CVE
added 2023/08/09 7:41 a.m.81 views

CVE-2023-38207

Summary: CVE-2023-38207 affects Adobe Commerce (Magento) across multiple 2.4.x releases due to an XML Injection (Blind XPath Injection) flaw that can allow reading of minor arbitrary files from the filesystem without user interaction. Affected: 2.4.6-p1 and earlier, 2.4.5-p3 and earlier, 2.4.4-p4...

7.5CVSS7.6AI score0.00828EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder