CVE-2024-34110

high-risk
Published 2024-06-13

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. A high-privilege attacker could exploit this vulnerability by uploading a malicious file to the system, which could then be executed. Exploitation of this issue does not require user interaction.

Do I need to act?

~
5.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.2/10 High
NETWORK / LOW complexity

Affected Products (20)

Affected Vendors

Adobe

References (2)

Vendor Advisory https://helpx.adobe.com/security/products/magento/apsb24-40.html
Vendor Advisory https://helpx.adobe.com/security/products/magento/apsb24-40.html
63
/ 100
high-risk
Severity 26/34 · High
Exploitability 9/34 · Low
Exposure 28/34 · Critical