CVE-2023-38249

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.

CVSS v3 8.0 HIGH

8.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://helpx.adobe.com/security/products/magento/apsb23-50.html	Vendor Advisory
https://helpx.adobe.com/security/products/magento/apsb23-50.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:adobe:commerce:2.3.7:-::::::
	cpe:2.3:a:adobe:commerce:2.3.7:p1::::::
	cpe:2.3:a:adobe:commerce:2.3.7:p2::::::
	cpe:2.3:a:adobe:commerce:2.3.7:p3::::::
	cpe:2.3:a:adobe:commerce:2.3.7:p4::::::
	cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1::::::
	cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2::::::
	cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3::::::
	cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4::::::
	cpe:2.3:a:adobe:commerce:2.4.0:-::::::
	cpe:2.3:a:adobe:commerce:2.4.0:ext-1::::::
	cpe:2.3:a:adobe:commerce:2.4.0:ext-2::::::
	cpe:2.3:a:adobe:commerce:2.4.0:ext-3::::::
	cpe:2.3:a:adobe:commerce:2.4.0:ext-4::::::
	cpe:2.3:a:adobe:commerce:2.4.1:-::::::
	cpe:2.3:a:adobe:commerce:2.4.1:ext-1::::::
	cpe:2.3:a:adobe:commerce:2.4.1:ext-2::::::
	cpe:2.3:a:adobe:commerce:2.4.1:ext-3::::::
	cpe:2.3:a:adobe:commerce:2.4.1:ext-4::::::
	cpe:2.3:a:adobe:commerce:2.4.2:-::::::
	cpe:2.3:a:adobe:commerce:2.4.2:ext-1::::::
	cpe:2.3:a:adobe:commerce:2.4.2:ext-2::::::
	cpe:2.3:a:adobe:commerce:2.4.2:ext-3::::::
	cpe:2.3:a:adobe:commerce:2.4.2:ext-4::::::
	cpe:2.3:a:adobe:commerce:2.4.3:-::::::
	cpe:2.3:a:adobe:commerce:2.4.3:ext-1::::::
	cpe:2.3:a:adobe:commerce:2.4.3:ext-2::::::
	cpe:2.3:a:adobe:commerce:2.4.3:ext-3::::::
	cpe:2.3:a:adobe:commerce:2.4.3:ext-4::::::
	cpe:2.3:a:adobe:commerce:2.4.4:-::::::
	cpe:2.3:a:adobe:commerce:2.4.4:p1::::::
	cpe:2.3:a:adobe:commerce:2.4.4:p2::::::
	cpe:2.3:a:adobe:commerce:2.4.4:p3::::::
	cpe:2.3:a:adobe:commerce:2.4.4:p4::::::
	cpe:2.3:a:adobe:commerce:2.4.4:p5::::::
	cpe:2.3:a:adobe:commerce:2.4.5:-::::::
	cpe:2.3:a:adobe:commerce:2.4.5:p1::::::
	cpe:2.3:a:adobe:commerce:2.4.5:p2::::::
	cpe:2.3:a:adobe:commerce:2.4.5:p3::::::
	cpe:2.3:a:adobe:commerce:2.4.5:p4::::::
	cpe:2.3:a:adobe:commerce:2.4.5:p5::::::
	cpe:2.3:a:adobe:commerce:2.4.6:-::::::
	cpe:2.3:a:adobe:commerce:2.4.6:p1::::::
	cpe:2.3:a:adobe:commerce:2.4.6:p2::::::
	cpe:2.3:a:adobe:commerce:2.4.7:b1::::::
	cpe:2.3:a:adobe:magento:2.4.4:-:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.4:p1:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.4:p2:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.4:p3:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.5:-:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.5:p1:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.5:p2:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.5:p3:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.5:p4:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.6:-:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.6:p1:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.6:p2:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.7:b1:::open_source:::*

History

21 Nov 2024, 08:13

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~6.6~~	v2 : unknown v3 : 8.0
References	~~() https://helpx.adobe.com/security/products/magento/apsb23-50.html - Vendor Advisory~~	() https://helpx.adobe.com/security/products/magento/apsb23-50.html - Vendor Advisory

Information

Published : 2023-10-13 07:15

Updated : 2024-11-21 08:13

NVD link : CVE-2023-38249

Mitre link : CVE-2023-38249

CVE.ORG link : CVE-2023-38249

JSON object : View

Products Affected

adobe

magento
commerce

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2023-38249", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@adobe.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.7}]}, "published": "2023-10-13T07:15:41.037", "references": [{"url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html", "tags": ["Vendor Advisory"], "source": "psirt@adobe.com"}, {"url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@adobe.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI."}, {"lang": "es", "value": "Las versiones de Adobe Commerce 2.4.7-beta1 (y anteriores), 2.4.6-p2 (y anteriores), 2.4.5-p4 (y anteriores) y 2.4.4-p5 (y anteriores) se ven afectadas por una neutralizaci\u00f3n inadecuada de funciones especiales. Elementos utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario por parte de un atacante autenticado con privilegios de administrador. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario y la complejidad del ataque es alta, ya que requiere conocimiento de herramientas m\u00e1s all\u00e1 del simple uso de la interfaz de usuario."}], "lastModified": "2024-11-21T08:13:10.773", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260"}, {"criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689"}, {"criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482"}, {"criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7"}, {"criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83"}, {"criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E"}, {"criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E"}, {"criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81"}, {"criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973"}, {"criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083"}, {"criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124"}, {"criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2"}, {"criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED"}, {"criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@adobe.com"}

8.0 /10