CVE-2024-39397Unrestricted File Upload in Adobe Commerce

CWE-434Unrestricted File Upload3 documents3 sources
Severity
9.0CRITICALNVD
EPSS
9.2%
top 7.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Adobe CommerceAdobe CommerceAdobe Magento
Timeline
PublishedAug 14

Description

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file which can then be executed on the server. Exploitation of this issue does not require user interaction, but attack complexity is high and scope is changed.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.2 | Impact: 6.0

Affected Packages3 packages

NVDadobe/commerce2.4.3+4
CVEListV5adobe/adobe_commerce2.4.4-p9
NVDadobe/magento2.4.3+4

🔴Vulnerability Details

2
CVEList
Adobe Commerce | Unrestricted Upload of File with Dangerous Type (CWE-434)2024-08-14
GHSA
GHSA-wgh4-93w8-x5p9: Adobe Commerce versions 22024-08-14
CVE-2024-39397 — Unrestricted File Upload in Adobe | cvebase