Description

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could be abused by an attacker to inject malicious scripts into the vulnerable endpoint. A low privileged attacker could leverage this vulnerability to read local files and to perform Stored XSS. Exploitation of this issue does not require user interaction.

Remediation

References

CVE-2022-34254

Related Vulnerabilities

MySQL NULL Pointer Dereference Vulnerability (CVE-2020-1971)

PHP Out-of-bounds Read Vulnerability (CVE-2020-7067)

PostgreSQL Improper Input Validation Vulnerability (CVE-2019-10210)

Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-7330)

WordPress Plugin Multiplayer Games Cross-Site Scripting (3.7)

Severity

High

Classification

CVE-2022-34254 CWE-22 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities