by @jakaba
01 Jul 2024

CosmicSting: critical unauthenticated XXE vulnerability in Adobe Commerce and Magento (CVE-2024-34102)

by @jakaba
01 Jul 2024

CosmicSting: critical unauthenticated XXE vulnerability in Adobe Commerce and Magento (CVE-2024-34102)

CVEs

9.8 Critical Severity

Screenshots from the blog posts

images/cly2rhu5iin7u1joibce74gje.jpgimages/cly2rhu5iin7u1joibce74gje.jpg

Summary

CVE-2024-34102 affects Adobe Commerce / Magento versions 2.4.6 and earlier. Discovered in June 2024, this vulnerability allows remote attackers to execute arbitrary code via nested deserialization, leading to potential data breaches and system compromises.

Description

users/photos/clj8b3h1k16g10uoihwvzgsxi.png

@jakaba

74 posts

Total vcoins

64.3K

Social media links

Comments (0)