Basic Information

| Field | Value |
|---|---|
| CVSS Score | - |
| CVE ID | - |
| GHSA ID | - |
| EPSS Score | - |
| CWE | - |
| Published | - |
| Updated | - |
| KEV Status | - |
| Technology | - |
The vulnerability centers on improper access control in admin functionality. Magento's admin controllers rely on the `_isAllowed()` method for authorization: the base admin action checks the ACL resource named by the controller's `ADMIN_RESOURCE` constant, so a controller that neither narrows that constant nor overrides the method falls back to the base-class default, and a child controller silently inherits whatever check its parent defines. Missing or incomplete implementations of this pattern, which are common in controller inheritance hierarchies, could create authorization bypass opportunities. The medium confidence reflects the lack of direct patch details, but the assessment aligns with:

1) Magento's history of access control issues involving admin controllers
2) CWE-284's focus on missing authorization layers
3) the described low-privilege attacker profile, which points to a vertical privilege escalation vector
4) Adobe's security bulletin referencing a 'security feature bypass' in admin contexts
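As an added example (not from this advisory and not Magento's or Adobe's code), the following Python script applies the check described above to a set of admin controller sources: it resolves each controller's inheritance chain and reports which `_isAllowed()` override or `ADMIN_RESOURCE` constant actually governs it. It relies on Magento 2 behaviour that is stable across the 2.4 line: `Magento\Backend\App\AbstractAction` declares `ADMIN_RESOURCE = 'Magento_Backend::admin'` and its `_isAllowed()` checks `static::ADMIN_RESOURCE`, so a controller that neither narrows the constant nor overrides the method is reachable by any user holding any admin role. The `Vendor_Module` sample controllers, their namespace, and the `audit()`, `resolve()` and `parse_controller()` helpers are constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Magento 2 facts this audit relies on: Magento\Backend\App\AbstractAction declares
# ADMIN_RESOURCE = 'Magento_Backend::admin' and its _isAllowed() checks
# static::ADMIN_RESOURCE, so a controller that neither narrows the constant nor
# overrides the method is open to any user holding any admin role.
DEFAULT_RESOURCE = "Magento_Backend::admin"
BASE_CLASSES = {"Magento\\Backend\\App\\Action", "Magento\\Backend\\App\\AbstractAction"}

NS_RE = re.compile(r"namespace\s+([\w\\]+)\s*;")
USE_RE = re.compile(r"^\s*use\s+([\w\\]+)(?:\s+as\s+(\w+))?\s*;", re.M)
CLASS_RE = re.compile(r"class\s+(\w+)\s+extends\s+([\w\\]+)")
RESOURCE_RE = re.compile(r"const\s+ADMIN_RESOURCE\s*=\s*['\"]([^'\"]+)['\"]")
IS_ALLOWED_RE = re.compile(r"function\s+_isAllowed\s*\(")

# Constructed sample controllers for a hypothetical Vendor_Module (not real Magento code).
SAMPLE_FILES = {
    "Export.php": r"""<?php namespace Vendor\Module\Controller\Adminhtml\Report;
use Magento\Backend\App\Action;
class Export extends Action { public function execute() {} }""",
    "Index.php": r"""<?php namespace Vendor\Module\Controller\Adminhtml\Report;
class Index extends \Magento\Backend\App\Action {
    const ADMIN_RESOURCE = 'Vendor_Module::reports';
    public function execute() {} }""",
    "Delete.php": r"""<?php namespace Vendor\Module\Controller\Adminhtml\Report;
class Delete extends Index { public function execute() {} }""",
    "Legacy.php": r"""<?php namespace Vendor\Module\Controller\Adminhtml\Report;
class Legacy extends \Magento\Backend\App\Action {
    protected function _isAllowed() { return $this->_authorization->isAllowed('Vendor_Module::reports'); }
    public function execute() {} }""",
}


@dataclass
class ControllerInfo:
    fqcn: str
    parent: str
    resource: Optional[str]   # ADMIN_RESOURCE declared in this class, if any
    custom_check: bool        # this class overrides _isAllowed() itself


@dataclass
class Finding:
    fqcn: str
    resource: str      # effective ACL resource, or "<custom _isAllowed>"
    declared_in: str   # class whose constant or method actually applies
    status: str        # explicit | inherited | custom | default | unresolved


def parse_controller(src: str) -> Optional[ControllerInfo]:
    ns_m, cls_m = NS_RE.search(src), CLASS_RE.search(src)
    if not ns_m or not cls_m:
        return None
    ns = ns_m.group(1)
    aliases = {}
    for m in USE_RE.finditer(src):          # `use A\B\C [as X];` -> X (or C) maps to A\B\C
        aliases[m.group(2) or m.group(1).rsplit("\\", 1)[-1]] = m.group(1)
    parent = cls_m.group(2)
    if parent.startswith("\\"):             # fully qualified
        parent = parent[1:]
    else:
        head, _, rest = parent.partition("\\")
        if head in aliases:                 # imported alias
            parent = aliases[head] + ("\\" + rest if rest else "")
        else:                               # relative to the current namespace
            parent = ns + "\\" + parent
    res_m = RESOURCE_RE.search(src)
    return ControllerInfo(ns + "\\" + cls_m.group(1), parent,
                          res_m.group(1) if res_m else None, bool(IS_ALLOWED_RE.search(src)))


def resolve(fqcn: str, controllers: Dict[str, ControllerInfo]) -> Finding:
    lineage, cur = [], fqcn                 # nearest class first
    while cur in controllers and all(c.fqcn != cur for c in lineage):
        lineage.append(controllers[cur])
        cur = controllers[cur].parent
    if cur not in BASE_CLASSES:             # ancestor outside the scanned files: cannot judge
        return Finding(fqcn, "?", cur, "unresolved")
    for info in lineage:                    # the nearest _isAllowed() override wins
        if info.custom_check:
            return Finding(fqcn, "<custom _isAllowed>", info.fqcn,
                           "custom" if info.fqcn == fqcn else "inherited")
    for info in lineage:                    # else the base check reads static::ADMIN_RESOURCE
        if info.resource is not None:
            if info.resource == DEFAULT_RESOURCE:
                return Finding(fqcn, DEFAULT_RESOURCE, info.fqcn, "default")
            return Finding(fqcn, info.resource, info.fqcn,
                           "explicit" if info.fqcn == fqcn else "inherited")
    return Finding(fqcn, DEFAULT_RESOURCE, cur, "default")


def audit(files: Dict[str, str]) -> Dict[str, Finding]:
    controllers = {}
    for src in files.values():
        info = parse_controller(src)
        if info:
            controllers[info.fqcn] = info
    return {fqcn: resolve(fqcn, controllers) for fqcn in controllers}


if __name__ == "__main__":
    for f in audit(SAMPLE_FILES).values():
        flag = "REVIEW" if f.status in ("default", "unresolved") else "ok"
        print(f"{flag:6} {f.fqcn}: {f.resource} (from {f.declared_in}, {f.status})")
```

Point it at every `Controller/Adminhtml` directory in `app/code` and `vendor` by reading the files into the dictionary. A `default` finding means the action is open to every admin role; an `inherited` finding deserves a look as well, because the parent's resource (for example a read-only "reports" resource on a delete action) may be too broad for the child. The script is a source-level heuristic: it does not see authorization enforced through plugins, `di.xml` preferences, or checks placed inside `execute()`, so treat its output as a review list, not a verdict.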
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | >= 2.4.7-beta1, < 2.4.7-p3 | 2.4.7-p3 |
| magento/community-edition | composer | >= 2.4.6-p1, < 2.4.6-p8 | 2.4.6-p8 |
| magento/community-edition | composer | >= 2.4.5-p1, < 2.4.5-p10 | 2.4.5-p10 |
| magento/community-edition | composer | < 2.4.4-p11 | 2.4.4-p11 |
| magento/community-edition | composer | = 2.4.7 | |
| magento/community-edition | composer | = 2.4.6 | |
| magento/community-edition | composer | = 2.4.5 | |
| magento/community-edition | composer | = 2.4.4 | |
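To turn the table above into a check, the following Python script (an added example, not part of the advisory) compares an installed `magento/community-edition` version against each row using Composer's version ordering, where a `-pN` patch suffix sorts above the bare release and pre-release suffixes such as `-beta1` sort below it. The rows are copied from the table; `parse_version()`, `satisfies()` and `assess()` are constructed helpers, and the version strings in the `__main__` block are sample input.

```python
import re
from typing import Optional, Tuple

# Composer ordering: a "-pN" patch suffix sorts above the bare release while
# pre-release suffixes sort below it, so 2.4.7-beta1 < 2.4.7 < 2.4.7-p3.
STABILITY = {"dev": 0, "alpha": 1, "beta": 2, "rc": 3, "stable": 4, "patch": 5}
MODIFIER_ALIASES = {"a": "alpha", "b": "beta", "p": "patch", "pl": "patch"}
VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+)*)(?:[-_.]?([A-Za-z]+)\.?(\d*))?$")
CONSTRAINT_RE = re.compile(r"^(>=|<=|>|<|=)\s*(\S+)$")
OPS = {">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
       ">": lambda a, b: a > b, "<": lambda a, b: a < b, "=": lambda a, b: a == b}

# Rows copied from the advisory table: (vulnerable range, first patched version).
ADVISORY_ROWS = [
    (">= 2.4.7-beta1, < 2.4.7-p3", "2.4.7-p3"),
    (">= 2.4.6-p1, < 2.4.6-p8", "2.4.6-p8"),
    (">= 2.4.5-p1, < 2.4.5-p10", "2.4.5-p10"),
    ("< 2.4.4-p11", "2.4.4-p11"),
    ("= 2.4.7", ""), ("= 2.4.6", ""), ("= 2.4.5", ""), ("= 2.4.4", ""),
]

Version = Tuple[Tuple[int, ...], int, int]   # (numeric parts, stability rank, suffix number)


def parse_version(text: str) -> Version:
    """Turn '2.4.7-p3' into ((2, 4, 7, 0), 5, 3) so tuples compare in Composer order."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised version: %r" % text)
    nums = tuple(int(x) for x in m.group(1).split("."))
    nums += (0,) * (4 - len(nums))                      # 2.4.7 == 2.4.7.0
    mod = (m.group(2) or "stable").lower()
    mod = MODIFIER_ALIASES.get(mod, mod)
    if mod not in STABILITY:
        raise ValueError("unknown stability modifier in %r" % text)
    return nums, STABILITY[mod], int(m.group(3) or 0)


def satisfies(version: str, constraint: str) -> bool:
    """True when `version` meets every comma-separated clause of `constraint`."""
    v = parse_version(version)
    for clause in constraint.split(","):
        m = CONSTRAINT_RE.match(clause.strip())
        if not m:
            raise ValueError("unsupported constraint clause: %r" % clause)
        if not OPS[m.group(1)](v, parse_version(m.group(2))):
            return False
    return True


def assess(installed: str) -> Tuple[bool, Optional[str]]:
    """Return (affected, first_patched). first_patched is None when every matching
    row leaves the patched-version column empty, as the table does for 2.4.5 and 2.4.6."""
    affected, patched = False, None
    for vuln_range, fix in ADVISORY_ROWS:
        if satisfies(installed, vuln_range):
            affected = True
            if fix and patched is None:
                patched = fix
    return affected, patched


if __name__ == "__main__":
    for v in ("2.4.7", "2.4.7-p3", "2.4.6", "2.4.6-p7", "2.4.3"):   # sample input
        print(v, assess(v))
```

Feed `assess()` the version reported by `bin/magento --version` or recorded in `composer.lock`. Note that the bare 2.4.5 and 2.4.6 rows carry no patched version, so the function returns `(True, None)` for those installs and the target release has to be taken from Adobe's bulletin rather than from this table.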