← back
CVE-2022-24093

Adobe Commerce post-auth improper input validation leads to remote code execution

CVSS 9.1 CRITICALEPSS 1.5%CWE-20
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.1EPSS 1.5%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
12 Sep 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected products
Adobe · Adobe Commerce

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →