Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-2ff6-837j-hg5x

GitHub Security Advisory

Magento OS Command ('OS Command Injection') vulnerability

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.

Affected Packages

Packagist magento/project-community-edition
Affected versions: 0 (last affected: 2.0.2)
Packagist magento/community-edition
Affected versions: 2.4.7-beta1 (fixed in 2.4.7-p2)
Packagist magento/community-edition
Affected versions: 2.4.6-p1 (fixed in 2.4.6-p7)
Packagist magento/community-edition
Affected versions: 2.4.5-p1 (fixed in 2.4.5-p9)
Packagist magento/community-edition
Affected versions: 2.4.4-p1 (fixed in 2.4.4-p10)
Packagist magento/community-edition
Packagist magento/community-edition
Packagist magento/community-edition
Packagist magento/community-edition

Related CVEs

CVE-2024-39402

Key Information

GHSA ID
GHSA-2ff6-837j-hg5x
Published
August 14, 2024 12:35 PM
Last Modified
November 6, 2025 4:57 PM
CVSS Score
7.5 /10
Primary Ecosystem
Packagist
Primary Package
magento/project-community-edition
GitHub Reviewed
✓ Yes

Dataset

Last updated: November 26, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.