CVE-2024-45117: 
PHP vulnerability analysis and mitigation

CVE-2024-45117 is an Improper Input Validation vulnerability affecting Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier versions. The vulnerability was disclosed on October 10, 2024, and affects both Adobe Commerce and Magento Open Source platforms (NVD).

The vulnerability is characterized as an Improper Input Validation issue that could lead to arbitrary file system read. It has received a CVSS v3.1 Base Score of 7.6 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L. The vulnerability allows exploitation through PHP filter chain mechanisms (NVD).

When exploited, this vulnerability allows an admin attacker to read files from the system outside of the intended directories. Additionally, it can have a low-availability impact on the service. The vulnerability has a changed scope, potentially affecting resources beyond the vulnerable component (NVD).

Adobe has released security updates to address this vulnerability. Users should update to the latest versions of Adobe Commerce and Magento Open Source. The fix is available for all affected versions including 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, and 2.4.4-p10 (Adobe Advisory).