Skip to content

Unwanted script being Injected in cms pages #40022

Open
@jrnoobcoder

Description

@jrnoobcoder

Preconditions and environment

  • Magento CLI 2.4.7-p4
  • PHP 8.2

Steps to reproduce

To reproduce the error

  • check the files under pub directory , there is a file named get.php Or health_check.php
  • Whenever it will execute then the unwanted script will be Injected in cms pages Or cms page database tables
  • To check i executed the health_check.php in browser domain.xyz/health.php
  • I got the issue

But in live this file being executed automatically.
And after that it affect the pagebuilder in admin panel. When edit any page or block then content is not appearing.
rawchoicelive (3).txt

Expected result

The Unwanted or malicious script should not be injected in cms tables.

Actual result

malicious script is being injected in cms tables

Additional information

No response

Release note

No response

Triage and priority

  • Severity: S0 - Affects critical data or functionality and leaves users without workaround.
  • Severity: S1 - Affects critical data or functionality and forces users to employ a workaround.
  • Severity: S2 - Affects non-critical data or functionality and forces users to employ a workaround.
  • Severity: S3 - Affects non-critical data or functionality and does not force users to employ a workaround.
  • Severity: S4 - Affects aesthetics, professional look and feel, “quality” or “usability”.

Metadata

Metadata

Labels

Issue: needs updateAdditional information is require, waiting for responseReported on 2.4.7-p4Indicates original Magento version for the Issue report.

Type

No type

Projects

Status

Needs Update

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions