Vulnerability Information
Vulnerability Title
Magento Commerce Path Traversal In `theme[preview_image]` Parameter Could Lead To Remote Code Execution
Vulnerability Description
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a Path Traversal vulnerability via the `theme[preview_image]` parameter. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
Improper limitation of a pathname (path traversal)
Vulnerability Title
Magento Commerce Path Traversal Vulnerability
Vulnerability Description
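Magento Commerce provides a first-class shopping experience without requiring developer support. Magento Commerce contains a path traversal vulnerability caused by an input validation error when processing directory traversal sequences. A remote administrator can send a specially crafted HTTP request and execute arbitrary code on the target system. The vulnerability allows a remote user to perform a directory traversal attack.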
CVSS Information
N/A
Vulnerability Type
N/A