BIT-magento-2024-34102
PUBLISHED
CVSS 9.8 CRITICAL
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Risk Scores
CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | magento | 2.4.7-alpha0, 2.4.6-alpha0, 2.4.5-alpha0 |
Exploit Intelligence
- Complete CosmicSting (CVE-2024-34102) exploit suite for Magento/Adobe Commerce XXE vulnerability (github-poc-repo)
- Complete CosmicSting (CVE-2024-34102) exploit suite for Magento/Adobe Commerce XXE vulnerability (github-poc)
- An alternative solution (as a Magento 2 extension) to fix the XXE vulnerability CVE-2024-34102 (aka Cosmic Sting). If you cannot upgrade Magento or cannot apply the official patch, try this one. (github-poc-repo)
- CosmicSting (CVE-2024-34102) POC / Patch Validator (github-poc-repo)
- adobe commerce (github-poc-repo)
- Koray123-debug/CVE-2024-34102 (github-poc-repo)
- Kento-Sec/CVE-2024-34102 (github-poc-repo)
- CVE-2024-34102 exploit for python3 (github-poc-repo)
- CVE-2024-34102 exploit for python3 (github-poc)
- Kento-Sec/CVE-2024-34102 (github-poc)
…and 32 more exploits
Timeline
- Jun 17, 2024 CVE Published
- Jul 18, 2024 CVE Updated