Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are required.
History

Tue, 17 Sep 2024 11:15:00 +0000

Type Values Removed Values Added
Title RCE in Adobe Commerce Webhook module via POST /admin/webhooks/hook/save/key/{key} `general[webhook_method]` form data Adobe Commerce | Improper Input Validation (CWE-20)

cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2024-06-13T09:05:00.703Z

Updated: 2024-09-17T11:08:17.339Z

Reserved: 2024-04-30T19:50:50.902Z

Link: CVE-2024-34109

cve-icon Vulnrichment

Updated: 2024-08-02T02:42:59.898Z

cve-icon NVD

Status : Modified

Published: 2024-06-13T09:15:12.820

Modified: 2024-11-21T09:18:07.147

Link: CVE-2024-34109

cve-icon Redhat

No data.