Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but the attack complexity is high.

Affected Packages

Packagist magento/community-edition

Affected versions: 2.4.7-beta1 (fixed in 2.4.7)

Packagist magento/community-edition

Affected versions: 2.4.6-p1 (fixed in 2.4.6-p5)

Packagist magento/community-edition

Affected versions: 2.4.5-p1 (fixed in 2.4.5-p7)

Packagist magento/community-edition

Affected versions: 2.4.4-p1 (fixed in 2.4.4-p8)

Packagist magento/project-community-edition

Affected versions: 0 (last affected: 2.0.2)

Related CVEs

CVE-2024-20758

Key Information

GHSA ID

GHSA-wh4m-6rh3-p4rq

Published

April 10, 2024 3:30 PM

Last Modified

March 4, 2025 6:54 PM

CVSS Score

7.5 /10

Primary Ecosystem

Packagist

Primary Package

magento/community-edition

GitHub Reviewed

✓ Yes

Dataset

Last updated: October 5, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.