Open
Description
Preconditions and environment
- Magento CLI 2.4.7-p4
- PHP 8.2
Steps to reproduce
To reproduce the error
- check the files under pub directory , there is a file named get.php Or health_check.php
- Whenever it will execute then the unwanted script will be Injected in cms pages Or cms page database tables
- To check i executed the health_check.php in browser domain.xyz/health.php
- I got the issue
But in live this file being executed automatically.
And after that it affect the pagebuilder in admin panel. When edit any page or block then content is not appearing.
rawchoicelive (3).txt
Expected result
The Unwanted or malicious script should not be injected in cms tables.
Actual result
malicious script is being injected in cms tables
Additional information
No response
Release note
No response
Triage and priority
- Severity: S0 - Affects critical data or functionality and leaves users without workaround.
- Severity: S1 - Affects critical data or functionality and forces users to employ a workaround.
- Severity: S2 - Affects non-critical data or functionality and forces users to employ a workaround.
- Severity: S3 - Affects non-critical data or functionality and does not force users to employ a workaround.
- Severity: S4 - Affects aesthetics, professional look and feel, “quality” or “usability”.
Metadata
Metadata
Assignees
Labels
Type
Projects
Status
Needs Update