CVE-2024-45118: 
PHP vulnerability analysis and mitigation

CVE-2024-45118 is an Improper Access Control vulnerability affecting Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier versions. The vulnerability was discovered and disclosed on October 10, 2024, affecting Adobe Commerce and Magento Open Source platforms (NVD).

The vulnerability is classified as an Improper Access Control issue (CWE-284) with a CVSS v3.1 Base Score of 6.5 (MEDIUM). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N, indicating network accessibility, low attack complexity, required low privileges, no user interaction, and high impact on integrity (NVD).

The vulnerability could result in a security feature bypass, allowing a low-privileged attacker to bypass security measures and have a high impact on system integrity. The vulnerability affects confidentiality and could potentially compromise system security (NVD, CIS Advisory).

Adobe has released security updates to address this vulnerability. Users are advised to update their Adobe Commerce installations to the latest patched versions. The affected versions should be updated to their respective latest releases as provided in the security advisory (Adobe Advisory).