2 matches found
CVE-2023-38207 Adobe Commerce XML Injection (aka Blind XPath Injection) Arbitrary file system read
Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by a XML Injection aka Blind XPath Injection vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction...
PT-2023-5394 · Adobe · Commerce +1
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.6-p1 and earlier Adobe Commerce versions 2.4.5-p3 and earlier Adobe Commerce versions 2.4.4-p4 and earlier Description: The issue is related to insufficient access control in Adobe Commerce and Magento Open Source,...