VYPR
Unrated severity · NVD Advisory · Published Aug 14, 2024 · Updated Sep 16, 2024

Adobe Commerce | Unrestricted Upload of File with Dangerous Type (CWE-434)

CVE-2024-39397

Description

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file which can then be executed on the server. Exploitation of this issue does not require user interaction, but attack complexity is high and scope is changed.

Affected products

2
  • Adobe Inc./Commerce (2 versions)
    <=2.4.7-p1, <=2.4.6-p6, <=2.4.5-p8, <=2.4.4-p9
    • (no CPE) range: <=2.4.7-p1, <=2.4.6-p6, <=2.4.5-p8, <=2.4.4-p9
    • (no CPE) range: 0
