Description

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.

Remediation

References

CVE-2022-24086

Related Vulnerabilities

WordPress Plugin Cartogiraffe Map Cross-Site Scripting (1.0)

WordPress Plugin Larsens Calender Cross-Site Scripting (1.2)

Oracle Database Server Other Vulnerability (CVE-2002-0840)

WordPress Plugin Chatbot with IBM Watson Cross-Site Scripting (0.8.20)

MySQL CVE-2014-6559 Vulnerability (CVE-2014-6559)

Severity

Critical

Classification

CVE-2022-24086 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities