Lucene search
K

6 matches found

Github Security Blog
Github Security Blog
added 2024/08/14 12:35 p.m.5 views

Magento Improper Authorization leads to Security feature bypass

Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information...

4.3CVSS6.6AI score0.00442EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2024/08/14 12:35 p.m.5 views

Magento Improper Authorization vulnerability

Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information...

4.3CVSS6.4AI score0.00429EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2024/08/14 12:35 p.m.1 views

GHSA-Q628-54WG-4R5Q Magento does not properly restrict excessive authentication attempts

Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and potentiall...

7.4CVSS6.5AI score0.00751EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/08/14 12:35 p.m.4 views

Magento OS Command ('OS Command Injection') vulnerability

Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user...

8.4CVSS7.6AI score0.01529EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2024/08/14 12:35 p.m.6 views

Magento OS Command ('OS Command Injection') vulnerability

Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user...

8.4CVSS7.6AI score0.01529EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2024/08/14 12:15 p.m.30 views

CVE-2024-39403

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s...

7.6CVSS0.0049EPSS
Exploits0References1
Rows per page
Query Builder