Magento: Exposes to Remote Code Execution


In Magento Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, and 2.4.4-p8 a critical severity vulnerability CVE-2024-34102 was detected. This allows attackers to execute unauthorized code on the server or access sensitive information by sending malicious XML documents, without needing any user interaction. To fix this problem, users should upgrade Magento Adobe Commerce to version 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, and 2.4.4-p9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-34102.