Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file which can then be executed on the server. Exploitation of this issue does not require user interaction, but attack complexity is high and scope is changed.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HAdobe Commerce
APPAdobe2.4.42.4.52.4.62.4.7≤ 2.4.3Adobe Magento
APPAdobe2.4.42.4.52.4.62.4.7≤ 2.4.3
Related vulnerabilities
Adobe Commerce/Magento — przejęcie sesji przez Improper Input Validation
Krytyczna podatność XXE w Adobe Commerce umożliwiająca RCE
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input va...
Adobe Commerce — Incorrect Authorization umożliwiające privilege escalation
Adobe Commerce — nieprawidłowe uwierzytelnienie umożliwiające privilege escalation