Adobe Commerce versions 2.4.7-beta1 (and previous versions), 2.4.6-p2 (and previous versions), 2.4.5-p4 (and previous versions) and 2.4.4-p5 (and previous versions) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction. The scope is changed because an attacker can force file reads outside the application's path boundary.
Vulnerable Product |
---|
adobe commerce 2.3.7 |
adobe commerce 2.4.3 |
adobe commerce 2.4.4 |
adobe commerce 2.4.5 |
adobe commerce 2.4.6 |
adobe magento 2.4.4 |
adobe magento 2.4.5 |
adobe magento 2.4.6 |
adobe commerce 2.4.0 |
adobe commerce 2.4.1 |
adobe commerce 2.4.2 |
adobe magento 2.4.7 |
adobe commerce 2.4.7 |