9.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-29297

GHSA ID

GHSA-gfmm-ww6f-5mm5

EPSS Score

0.90404%

CWE

CWE-1336

Published

6/15/2023

Updated

3/4/2025

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-29297

CVE-2023-29297:
Magento Open Source allows Improper Neutralization of Special Elements Used

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.

(GitHub Advisory)

9.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-29297

GHSA ID

GHSA-gfmm-ww6f-5mm5

EPSS Score

0.90404%

CWE

CWE-1336

Published

6/15/2023

Updated

3/4/2025

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
magento/community-edition	composer	= 2.4.6
magento/community-edition	composer	= 2.4.5
magento/community-edition	composer	= 2.4.4
magento/community-edition	composer	>= 2.4.5-p1, < 2.4.5-p3	2.4.5-p3
magento/community-edition	composer	>= 2.4.4-p1, < 2.4.4-p4	2.4.4-p4
magento/project-community-edition	composer	<= 2.0.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability (CWE-1336) explicitly involves improper neutralization in template engines. Magento's core templating system relies on PHP-based template rendering. Admin users with template editing privileges could inject malicious code into templates processed by these functions.

getProcessedTemplate is a known high-risk function in email template handling, where variables like {{css ...}} or {{inlinecss ...}} might allow PHP code execution if input isn't sanitized.
fetchView directly evaluates template files, and if an attacker controls the template content/path (e.g., via CMS block edits), it could lead to arbitrary code execution. These functions align with the CWE's focus on template engine vulnerabilities and the attack vector described (admin-triggered RCE).

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

**o** *omm*r** v*rsions *.*.* (*n* **rli*r), *.*.*-p* (*n* **rli*r) *n* *.*.*-p* (*n* **rli*r) *r* *****t** *y * Improp*r N*utr*liz*tion o* Sp**i*l *l*m*nts Us** in * T*mpl*t* *n*in* vuln*r**ility t**t *oul* l*** to *r*itr*ry *o** *x**ution *y *n **m

Reasoning

T** vuln*r**ility (*W*-****) *xpli*itly involv*s improp*r n*utr*liz*tion in t*mpl*t* *n*in*s. M***nto's *or* t*mpl*tin* syst*m r*li*s on P*P-**s** t*mpl*t* r*n**rin*. **min us*rs wit* t*mpl*t* **itin* privil***s *oul* inj**t m*li*ious *o** into t*mpl

9.1

Basic Information

Concerned about an active attack path?

CVE-2023-29297: Magento Open Source allows Improper Neutralization of Special Elements Used

9.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2023-29297:
Magento Open Source allows Improper Neutralization of Special Elements Used

Vulnerability Intelligence
Miggo AI