CVE-2020-9664

CWE-502Deserialization of Untrusted DataCWE-94Code Injection4 documents4 sources
Severity
9.8CRITICAL
EPSS
16.1%
top 5.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Magento MagentoMagento CoreAdobe Magento
Timeline
PublishedJul 22
Latest updateMay 24

Description

Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a php object injection vulnerability. Successful exploitation could lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

Packagistmagento/core1.9.4.5
NVDmagento/magento1.9.4.5+1
CVEListV5adobe/magento1.14.4.5 and earlier, and 1.9.4.5 and earlier versions

🔴Vulnerability Details

3
GHSA
Magento php object injection vulnerability2022-05-24
OSV
Magento php object injection vulnerability2022-05-24
CVEList
CVE-2020-9664: Magento versions 12020-07-22
CVE-2020-9664 (CRITICAL CVSS 9.8) | Magento versions 1.14.4.5 and earli | cvebase.io