Lucene search
K

137 matches found

Prion
Prion
added 2023/08/09 8:15 a.m.27 views

Design/Logic Flaw

Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by a XML Injection aka Blind XPath Injection vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction...

5CVSS7.6AI score0.00828EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/08/09 7:41 a.m.32 views

CVE-2023-38207 Adobe Commerce XML Injection (aka Blind XPath Injection) Arbitrary file system read

Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by a XML Injection aka Blind XPath Injection vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction...

7.5CVSS7.7AI score0.00828EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/08/09 7:41 a.m.9 views

CVE-2023-38207 Adobe Commerce XML Injection (aka Blind XPath Injection) Arbitrary file system read

Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by a XML Injection aka Blind XPath Injection vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction...

7.5CVSS7.6AI score0.00828EPSS
Exploits0References1
Adobe
Adobe
added 2023/08/08 12:0 a.m.209 views

APSB23-42 : Security update available for Adobe Commerce

Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation and arbitrary file system read...

7.7AI score
Exploits0Affected Software2
Github Security Blog
Github Security Blog
added 2023/06/15 9:30 p.m.13 views

Magento Open Source allows Server-Side Request Forgery (SSRF)

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...

4.9CVSS7.1AI score0.00986EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2023/06/15 9:30 p.m.8 views

Magento Open Source allows Server-Side Request Forgery (SSRF)

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...

4.9CVSS7.1AI score0.00861EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2023/06/15 7:15 p.m.19 views

CVE-2023-29291

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...

4.9CVSS5.1AI score0.00986EPSS
Exploits0References1
NVD
NVD
added 2023/06/15 7:15 p.m.25 views

CVE-2023-29292

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...

4.9CVSS5.1AI score0.00861EPSS
Exploits0References1
OSV
OSV
added 2023/06/15 7:15 p.m.22 views

CVE-2023-29291

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...

4.9CVSS7.1AI score
Exploits0References1
OSV
OSV
added 2023/06/15 7:15 p.m.21 views

CVE-2023-29292

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...

4.9CVSS7.1AI score
Exploits0References1
Prion
Prion
added 2023/06/15 7:15 p.m.19 views

Server side request forgery (ssrf)

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...

3.3CVSS5.8AI score0.00986EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2023/06/15 12:0 a.m.33 views

CVE-2023-29292 Server Side Request Forgery (SSRF) in FedEx carrier integration configuration

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...

4.9CVSS5.4AI score0.00861EPSS
Exploits0References1
CVE
CVE
added 2023/06/15 12:0 a.m.116 views

CVE-2023-29292

CVE-2023-29292 affects Adobe Commerce (Magento) variants, including 2.4.6 and earlier, 2.4.5-p2 and earlier, and 2.4.4-p3 and earlier. The issue is a Server-Side Request Forgery (SSRF) that lets an admin-privileged, authenticated attacker force the application to make arbitrary URL requests, pote...

4.9CVSS5.5AI score0.00861EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2023/06/15 12:0 a.m.21 views

CVE-2023-29291 Server Side Request Forgery (SSRF) in USPS carrier integration configuration

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...

4.9CVSS5.4AI score0.00986EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/06/15 12:0 a.m.9 views

CVE-2023-29291 Server Side Request Forgery (SSRF) in USPS carrier integration configuration

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...

4.9CVSS7.1AI score0.00986EPSS
Exploits0References1
Adobe
Adobe
added 2023/06/13 12:0 a.m.182 views

APSB23-35 : Security update available for Adobe Commerce

Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, security feature bypass and arbitrary file system read...

7.4AI score
Exploits0Affected Software2
NVD
NVD
added 2023/03/27 9:15 p.m.28 views

CVE-2023-22247

Adobe Commerce versions 2.4.4-p2 and earlier and 2.4.5-p1 and earlier are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of thi...

7.5CVSS7.7AI score0.00928EPSS
Exploits0References1
OSV
OSV
added 2023/03/27 9:15 p.m.21 views

CVE-2023-22247

Adobe Commerce versions 2.4.4-p2 and earlier and 2.4.5-p1 and earlier are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of thi...

7.5CVSS7.6AI score
Exploits0References1
Prion
Prion
added 2023/03/27 9:15 p.m.23 views

Design/Logic Flaw

Adobe Commerce versions 2.4.4-p2 and earlier and 2.4.5-p1 and earlier are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of thi...

5CVSS7.7AI score0.00928EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2023/03/27 12:0 a.m.273 views

CVE-2023-22247

Adobe Commerce (Magento) XML Injection vulnerability CVE-2023-22247 affects 2.4.4-p2 and earlier, and 2.4.5-p1 and earlier. An unauthenticated attacker can force the application to make arbitrary requests by injecting URLs, potentially enabling arbitrary file system read. Impact is high for confi...

7.5CVSS7.7AI score0.00928EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder