{"id":"BIT-magento-2020-9578","details":"Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.","aliases":["CVE-2020-9578","GHSA-724x-gqhv-9c5x"],"modified":"2025-04-03T14:40:37.652Z","published":"2024-03-06T11:05:29.409Z","database_specific":{"severity":"Critical","cpes":["cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*","cpe:2.3:a:magento:magento:*:*:*:*:community:*:*:*","cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*","cpe:2.3:a:magento:magento:*:*:*:*:enterprise:*:*:*"]},"references":[{"type":"WEB","url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9578"}],"affected":[{"package":{"name":"magento","ecosystem":"Bitnami","purl":"pkg:bitnami/magento"},"ranges":[{"type":"SEMVER","events":[{"introduced":"2.2.0"},{"fixed":"2.2.12"},{"introduced":"2.3.0"},{"fixed":"2.3.5"}]}],"database_specific":{"source":"https://github.com/bitnami/vulndb/tree/main/data/magento/BIT-magento-2020-9578.json"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}],"schema_version":"1.7.3"}