Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are required.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Sep 2024 11:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | RCE in Adobe Commerce Webhook module via POST /admin/webhooks/hook/save/key/{key} `general[webhook_method]` form data | Adobe Commerce | Improper Input Validation (CWE-20) |
MITRE
Status: PUBLISHED
Assigner: adobe
Published: 2024-06-13T09:05:00.703Z
Updated: 2024-09-17T11:08:17.339Z
Reserved: 2024-04-30T19:50:50.902Z
Link: CVE-2024-34109
Vulnrichment
Updated: 2024-08-02T02:42:59.898Z
NVD
Status : Modified
Published: 2024-06-13T09:15:12.820
Modified: 2024-11-21T09:18:07.147
Link: CVE-2024-34109
Redhat
No data.