137 matches found
Design/Logic Flaw
Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by a XML Injection aka Blind XPath Injection vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction...
CVE-2023-38207 Adobe Commerce XML Injection (aka Blind XPath Injection) Arbitrary file system read
Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by a XML Injection aka Blind XPath Injection vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction...
CVE-2023-38207 Adobe Commerce XML Injection (aka Blind XPath Injection) Arbitrary file system read
Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by a XML Injection aka Blind XPath Injection vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction...
APSB23-42 : Security update available for Adobe Commerce
Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation and arbitrary file system read...
Magento Open Source allows Server-Side Request Forgery (SSRF)
Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...
Magento Open Source allows Server-Side Request Forgery (SSRF)
Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...
CVE-2023-29291
Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...
CVE-2023-29292
Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...
CVE-2023-29291
Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...
CVE-2023-29292
Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...
Server side request forgery (ssrf)
Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...
CVE-2023-29292 Server Side Request Forgery (SSRF) in FedEx carrier integration configuration
Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...
CVE-2023-29292
CVE-2023-29292 affects Adobe Commerce (Magento) variants, including 2.4.6 and earlier, 2.4.5-p2 and earlier, and 2.4.4-p3 and earlier. The issue is a Server-Side Request Forgery (SSRF) that lets an admin-privileged, authenticated attacker force the application to make arbitrary URL requests, pote...
CVE-2023-29291 Server Side Request Forgery (SSRF) in USPS carrier integration configuration
Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...
CVE-2023-29291 Server Side Request Forgery (SSRF) in USPS carrier integration configuration
Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...
APSB23-35 : Security update available for Adobe Commerce
Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, security feature bypass and arbitrary file system read...
CVE-2023-22247
Adobe Commerce versions 2.4.4-p2 and earlier and 2.4.5-p1 and earlier are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of thi...
CVE-2023-22247
Adobe Commerce versions 2.4.4-p2 and earlier and 2.4.5-p1 and earlier are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of thi...
Design/Logic Flaw
Adobe Commerce versions 2.4.4-p2 and earlier and 2.4.5-p1 and earlier are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of thi...
CVE-2023-22247
Adobe Commerce (Magento) XML Injection vulnerability CVE-2023-22247 affects 2.4.4-p2 and earlier, and 2.4.5-p1 and earlier. An unauthenticated attacker can force the application to make arbitrary requests by injecting URLs, potentially enabling arbitrary file system read. Impact is high for confi...