2 matches found
CVE-2026-32271
CVE-2026-32271 affects Craft Commerce (Craft CMS) in versions 4.0.0–4.10.2 and 5.0.0–5.5.4, where an SQL injection in the Commerce TotalRevenue widget allows any authenticated control panel user to achieve remote code execution. The exploit involves unsanitized widget settings interpolated into S...
📄 Adobe Commerce Insecure Deserialization
This flaw in Magento 2 / Adobe Commerce 2.4.x enables remote attackers to manipulate internal session handling paths and abuse PHP object chains Guzzle FileCookieJar gadget to achieve arbitrary file write, leading to remote code execution...