漏洞标题
验证您的输入 | 服务器端请求伪造(SSRF) (CWE-918)
漏洞描述信息
验证输入 | 服务器端请求伪造 (SSRF) (CWE-918)
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
漏洞类别
服务端请求伪造(SSRF)
漏洞标题
Validate Your Inputs | Server-Side Request Forgery (SSRF) (CWE-918)
漏洞描述信息
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the application's path boundary.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
漏洞类别
服务端请求伪造(SSRF)
漏洞标题
Adobe Commerce 代码问题漏洞
漏洞描述信息
Adobe Commerce是美国奥多比(Adobe)公司的一种面向商家和品牌的全球领先的数字商务解决方案。 Adobe Commerce 2.4.7 版本之前存在代码问题漏洞,该漏洞源于受到服务器端请求伪造 (SSRF) 漏洞的影响,该漏洞可能导致任意文件系统读取。经过身份验证的高权限攻击者可以通过注入任意 URL 来强制应用程序发出任意请求。
CVSS信息
N/A
漏洞类别
代码问题