CVE-2024-34110

Name of the Vulnerable Software and Affected Versions Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier

Description The issue is related to an Unrestricted Upload of File with Dangerous Type, which could result in arbitrary code execution. A high-privilege attacker could exploit this by uploading a malicious file to the system, which could then be executed. Exploitation of this issue does not require user interaction.

Recommendations For Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier, consider disabling file upload functionality until a patch is available. Restrict access to the file upload module to minimize the risk of exploitation. Avoid using the file upload feature in the affected Adobe Commerce versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.