Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability Allowing Security Feature Bypass

A vulnerability allowing security feature bypass through improper input validation has been identified in Adobe Commerce and Magento Open Source. This issue affects several versions, including Adobe Commerce 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier, as well as Magento Open Source 2.4.9-beta1, 2.4.8-p4 and earlier, 2.4.7-p9 and earlier, and 2.4.6-p14 and earlier. The vulnerability could be exploited by a high-privileged attacker to bypass security measures and gain unauthorized write access. Exploitation requires user interaction, as a victim must visit a maliciously crafted URL or interact with a compromised web page.

Impact

Exploitation of this vulnerability could lead to unauthorized write access, allowing attackers to manipulate files or data on the server.

Remediation

Users are advised to update to the latest versions of Adobe Commerce or Magento Open Source. The latest versions for Adobe Commerce are 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17 and 2.4.4-p18. For Magento Open Source, the latest versions are 2.4.9, 2.4.8-p5, 2.4.7-p10 and 2.4.6-p15.