PT-2024-41516 · Packagist · Magento Community Edition+1
Publicado
2024-08-14
·
Atualizado
2024-08-14
CVSS v3.1
8.4
Alta
| Vetor | AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H |
Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.
Correção
OS Command Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Magento Community Edition
Magento/Project-Community-Edition