E-commerce

In Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier a high severity vulnerability CVE-2024-39406 was detected. This vulnerability allows attackers to perform Path Traversal, potentially leading to arbitrary file system read. To address this issue, it is recommended to apply the latest security patches. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39406.

In Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier a critical severity vulnerability CVE-2024-39397 was detected. This vulnerability allows attackers to execute arbitrary code by uploading a malicious file, which can then be executed on the server. To address this issue, users must apply the latest security updates. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39397.

In Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8 and 2.4.4-p9 a medium severity vulnerability CVE-2024-39415 was detected. This vulnerability allows attackers to bypass security features and access minor information without user interaction. To fix this problem, users should upgrade Magento to versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9 and 2.4.4-p10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39415.

In Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, and 2.4.4-p9 a medium severity vulnerability CVE-2024-39410 was detected. This vulnerability allows attackers to perform unauthorized actions on behalf of a user by tricking them into interacting with a malicious request. To fix this problem, users should upgrade Magento to versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, and 2.4.4-p10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39410.

In Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, and 2.4.4-p9, a high severity vulnerability CVE-2024-39401 was detected. This vulnerability lets an admin attacker accidentally run harmful commands on the system due to how special input elements are handled, needing user interaction to trigger the problem. To fix this problem, users should upgrade Magento to versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39401.

In Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9, and earlier a medium severity vulnerability CVE-2024-39416 was detected. This vulnerability allows low-privileged attackers to bypass security features and disclose minor information without requiring user interaction. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39416.

In Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9, and earlier a medium severity vulnerability CVE-2024-39419 was detected. This problem allows someone with limited access to bypass security protections and make small changes without permission. It can be exploited without any user action. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39419.

In Magento Open Source 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, and 2.4.4-p9 a medium severity vulnerability CVE-2024-39418 was detected. This vulnerability allows attackers to bypass security measures and gain unauthorized access to view and edit low-sensitivity information without needing any user interaction. To fix this problem, users should upgrade Magento Open Source to versions 2.4.7-p2 for 2.4.7-p1 and earlier, 2.4.6-p7 for 2.4.6-p6 and earlier, 2.4.5-p9 for 2.4.5-p8 and earlier, and 2.4.4-p10 for 2.4.4-p9 and earlier. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39418.

In Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9, and earlier a medium severity vulnerability CVE-2024-39417 was detected. This vulnerability allows low-privileged attackers to bypass security features and access minor information without user interaction. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39417.