4 matches found
CVE-2023-38207
Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by a XML Injection aka Blind XPath Injection vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction...
CVE-2023-38207 Adobe Commerce XML Injection (aka Blind XPath Injection) Arbitrary file system read
Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by a XML Injection aka Blind XPath Injection vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction...
CVE-2023-38207 Adobe Commerce XML Injection (aka Blind XPath Injection) Arbitrary file system read
Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by a XML Injection aka Blind XPath Injection vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction...
CVE-2023-38207
Summary: CVE-2023-38207 affects Adobe Commerce (Magento) across multiple 2.4.x releases due to an XML Injection (Blind XPath Injection) flaw that can allow reading of minor arbitrary files from the filesystem without user interaction. Affected: 2.4.6-p1 and earlier, 2.4.5-p3 and earlier, 2.4.4-p4...