Description
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue does not require user interaction, but the attack complexity is high.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://helpx.adobe.com/security/products/magento/apsb24-18.html
Scores
CVSS v3
9.0
EPSS
0.0220
EPSS Percentile
84.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-20
Status
published
Products (8)
adobe/commerce
adobe/commerce
2.3.7 (9 CPE variants)
adobe/commerce
2.4.0 (5 CPE variants)
adobe/commerce
2.4.1 (5 CPE variants)
adobe/commerce
2.4.2 (8 CPE variants)
adobe/commerce
2.4.3 (8 CPE variants)
adobe/commerce
2.4.4 (8 CPE variants)
adobe/commerce
2.4.5 (6 CPE variants)
Published
Apr 10, 2024
Tracked Since
Feb 18, 2026