GHSA-74w7-cr4v-wf2v
GitHub Security Advisory
Magento Improper Access Control Leads to Privilege escalation
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.
Affected Packages
Packagist
magento/project-community-edition
Affected versions:
0
(last affected: 2.0.2)
Packagist
magento/community-edition
Affected versions:
2.4.7-beta1
(fixed in 2.4.7-p2)
Packagist
magento/community-edition
Affected versions:
2.4.6-p1
(fixed in 2.4.6-p7)
Packagist
magento/community-edition
Affected versions:
2.4.5-p1
(fixed in 2.4.5-p9)
Packagist
magento/community-edition
Affected versions:
0
(fixed in 2.4.4-p10)
Packagist
magento/community-edition
Packagist
magento/community-edition
Packagist
magento/community-edition
Packagist
magento/community-edition
Related CVEs
Key Information
5.0
/10
Dataset
Last updated: November 26, 2025 6:30 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.