by @jakaba
01 Jul 2024

CosmicSting: critical unauthenticated XXE vulnerability in Adobe Commerce and Magento (CVE-2024-34102) - exploit


Apps

Magento, Openmage
20.0.19.*
20.0.18.*
20.0.16.*
19.4.20.*
19.4.19.*
19.4.23.*
19.4.18.*
19.4.17.*
19.4.16.*
19.4.14.*
2.3.0.*
2.4.2.*
2.4.2.P1
2.3.7.*
2.4.0.*


Summary

CVE-2024-34102 affects Adobe Commerce / Magento versions 2.4.6 and earlier. Discovered in June 2024, this vulnerability allows remote attackers to execute arbitrary code via nested deserialization, leading to potential data breaches and system compromises.
