XML Injection Vulnerability in Adobe Commerce Versions 2.4.6-p1 and Earlier

XML Injection Vulnerability in Adobe Commerce Versions 2.4.6-p1 and Earlier

CVE-2023-38207 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by a XML Injection (aka Blind XPath Injection) vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction.

Learn more about our User Device Pen Test.