2.7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-29293

GHSA ID

GHSA-66c9-xrwj-9xv6

EPSS Score

0.08598%

CWE

CWE-20

Published

6/15/2023

Updated

3/4/2025

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-29293

CVE-2023-29293: Magento Open Source affected by Improper Input Validation

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.

(GitHub Advisory)

2.7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-29293

GHSA ID

GHSA-66c9-xrwj-9xv6

EPSS Score

0.08598%

CWE

CWE-20

Published

6/15/2023

Updated

3/4/2025

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
magento/community-edition	composer	= 2.4.6
magento/community-edition	composer	= 2.4.5
magento/community-edition	composer	= 2.4.4
magento/community-edition	composer	>= 2.4.5-p1, < 2.4.5-p3	2.4.5-p3
magento/community-edition	composer	>= 2.4.4-p1, < 2.4.4-p4	2.4.4-p4
magento/project-community-edition	composer	<= 2.0.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

**o** *omm*r** v*rsions *.*.* (*n* **rli*r), *.*.*-p* (*n* **rli*r) *n* *.*.*-p* (*n* **rli*r) *r* *****t** *y *n Improp*r Input V*li**tion vuln*r**ility t**t *oul* r*sult in * S**urity ***tur* *yp*ss. *n **min privil**** *tt**k*r *oul* l*v*r*** t*is

Reasoning

No *n*lysis *v*il**l*

2.7

Basic Information

Concerned about an active attack path?

CVE-2023-29293: Magento Open Source affected by Improper Input Validation

2.7

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI