CosmicSting: critical unauthenticated XXE vulnerability in Adobe Commerce and Magento (CVE-2024-34102)

CVEs

CVE-2024-34102

9.8 Critical Severity

Screenshots from the blog posts

Summary

CVE-2024-34102 affects Adobe Commerce / Magento versions 2.4.6 and earlier. Discovered in June 2024, this vulnerability allows remote attackers to execute arbitrary code via nested deserialization, leading to potential data breaches and system compromises.

Screenshots from the blog posts

Summary

Description