CVE-2023-22247

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-91
View all →

Vulnerability Description

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.

Related Vulnerabilities

CVE-2016-5697

HIGH
CVSS:7.5(High)

Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors.

CWE-912016

CVE-2016-6272

HIGH
CVSS:7.5(High)

XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp...

CWE-912016

CVE-2017-1000452

HIGH
CVSS:7.5(High)

An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users.

CWE-912017

CVE-2017-5654

HIGH
CVSS:7.5(High)

In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.

CWE-912017

CVE-2018-1000526

HIGH
CVSS:7.5(High)

Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service. This attack appear to be exploitable via Specially crafted XML file. This vulnera...

CWE-912018

CVE-2018-1000632

HIGH
CVSS:7.5(High)

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents thr...

CWE-912018