Page 117 of 8809 results (0.032 seconds)

CVSS: 7.2EPSS: 1%CPEs: 71EXPL: 0

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. • https://helpx.adobe.com/security/products/magento/apsb24-40.html • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.8EPSS: 0%CPEs: 71EXPL: 0

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution. • https://helpx.adobe.com/security/products/magento/apsb24-40.html • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 9.8EPSS: 97%CPEs: 71EXPL: 19

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. • https://github.com/bigb0x/CVE-2024-34102 https://github.com/11whoami99/CVE-2024-34102 https://github.com/unknownzerobit/poc https://github.com/d0rb/CVE-2024-34102 https://github.com/bughuntar/CVE-2024-34102 https://github.com/bughuntar/CVE-2024-34102-Python https://github.com/Chocapikk/CVE-2024-34102 https://github.com/th3gokul/CVE-2024-34102 https://github.com/0x0d3ad/CVE-2024-34102 https://github.com/jakabakos/CVE-2024-34102-CosmicSting-XXE-in-Adobe-Commerce-and-Magento • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 9.1EPSS: 0%CPEs: 71EXPL: 0

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. ... La explotación de este problema no requiere la interacción del usuario, pero se requieren privilegios de administrador Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/magento/apsb24-40.html • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter. Una vulnerabilidad de inyección SQL en itsourcecode Billing System 1.0 permite a un atacante local ejecutar código arbitrario en Process.php a través del parámetro de nombre de usuario. • https://github.com/ganzhi-qcy/cve/issues/3 • CWE-94: Improper Control of Generation of Code ('Code Injection') •