CVE-2024-39402

CVSS 3.1 Score 8.4 of 10 (high)

Details

Published Aug 14, 2024

CWE ID 78

Summary

CVE-2024-39402 is a newly disclosed vulnerability affecting Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9, and earlier. This issue involves an Improper Neutralization of Special Elements in OS Commands, also known as OS Command Injection. An attacker who exploits this vulnerability can execute arbitrary code with administrative privileges, requiring user interaction for exploitation. This security flaw poses a significant risk and merchants are urged to apply the necessary patches as soon as possible to mitigate the potential damage.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Adobe Commerce

Affected Vendors

Adobe

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/wovdzl
https://www.cve.org/CVERecord?id=CVE-2024-39402
https://nvd.nist.gov/vuln/detail/CVE-2024-39402

Back to Vulnerability Database