CVE-2024-20758 — Improper Input Validation in Adobe Commerce

CWE-20 — Improper Input Validation4 documents4 sources

Severity

9.0CRITICALNVD

EPSS

2.2%

top 15.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Magento Community-edition Adobe Commerce Magento Project-community-edition +2 more

Timeline

PublishedApr 10

Description

Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue does not require user interaction, but the attack complexity is high.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.2 | Impact: 6.0

Affected Packages5 packages

▶CVEListV5adobe/adobe_commerce2.4.7-beta3

▶NVDadobe/commerce9 versions+8

▶NVDadobe/magento4 versions+3

▶Packagistmagento/community-edition2.4.7-beta1 — 2.4.7+3

▶Packagistmagento/project-community-edition2.0.2

🔴Vulnerability Details

CVEList

Adobe Commerce | Improper Input Validation (CWE-20)↗2024-04-10

▶

OSV

Magento Open Source allows Improper Input Validation↗2024-04-10

▶

GHSA

Magento Open Source allows Improper Input Validation↗2024-04-10

▶