Description
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation.
Remediation
References
Related Vulnerabilities
WordPress Plugin HashThemes Demo Importer Security Bypass (1.1.1)
Microsoft SQL Server CVE-2023-32025 Vulnerability (CVE-2023-32025)
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-17774)
WordPress Plugin CM Footnotes Cross-Site Scripting (1.1.4)
WordPress Plugin wp-FileManager Arbitrary File Disclosure (1.3.0)