E-commerce

In Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9, and earlier a medium severity vulnerability CVE-2024-39419 was detected. This problem allows someone with limited access to bypass security protections and make small changes without permission. It can be exploited without any user action. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39419.

In Magento Open Source 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, and 2.4.4-p9 a medium severity vulnerability CVE-2024-39418 was detected. This vulnerability allows attackers to bypass security measures and gain unauthorized access to view and edit low-sensitivity information without needing any user interaction. To fix this problem, users should upgrade Magento Open Source to versions 2.4.7-p2 for 2.4.7-p1 and earlier, 2.4.6-p7 for 2.4.6-p6 and earlier, 2.4.5-p9 for 2.4.5-p8 and earlier, and 2.4.4-p10 for 2.4.4-p9 and earlier. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39418.

In Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9, and earlier a medium severity vulnerability CVE-2024-39417 was detected. This vulnerability allows low-privileged attackers to bypass security features and access minor information without user interaction. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39417.

In Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9, and earlier a medium severity vulnerability CVE-2024-39416 was detected. This vulnerability allows low-privileged attackers to bypass security features and disclose minor information without requiring user interaction. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39416.

In Prestashop v.8.1.7 and earlier a critical severity vulnerability CVE-2024-41651 was detected. It allows a remote attacker to run arbitrary code through the module upgrade feature. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-41651.

In WooCommerce versions before 3.5.1 a medium severity vulnerability CVE-2024-43128 was detected. This vulnerability allows an attacker to inject malicious code due to insufficient input validation. To fix this issue, users must upgrade to a version later than 3.5.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43128.

In Magento Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier a high severity Server-Side Request Forgery (SSRF) vulnerability CVE-2024-34111 was detected. This vulnerability allows attackers to force the application to make arbitrary requests, potentially leading to arbitrary file system reads. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34111.

In Magento Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier a high severity vulnerability CVE-2024-34108 was detected. This improper input validation vulnerability allows attackers to execute arbitrary code within the context of the current user. Although no user interaction is required for exploitation, admin privileges are needed, and the scope of the attack is changed. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34108.

In Magento versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier a critical severity vulnerability CVE-2024-34107 was detected. This vulnerability relates to improper access control and allows attackers to bypass security measures and view minor unauthorized information. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34107.