2 matches found
CVE-2023-26367
CVE-2023-26367 affects Adobe Commerce/Magento (Magento Open Source) and Magento Commerce. The issue is an Improper Input Validation in the product bulk import logic that can allow an authenticated admin user to read arbitrary files from the file system. The vulnerability arises from error-based f...
CVE-2023-26367 Error based file extraction via PHP filter chains during product bulk import logic
Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue do...