CVE-2022-24086

Adobe Commerce checkout improper input validation leads to remote code execution

CVSS 9.8 CRITICAL · EPSS 99.2% · KEV · CWE-20
In short

Adobe Commerce has a flaw in its checkout process: it fails to properly validate user input, which lets attackers run arbitrary code on the server without any user interaction. This critical weakness puts online stores at serious risk.

Technical detail

Improper input validation in Adobe Commerce checkout (CWE-20) allows unauthenticated remote code execution without user interaction. The vulnerability affects versions 2.4.3-p1 and earlier, 2.3.7-p2 and earlier; attackers can exploit malformed checkout parameters to achieve arbitrary code execution on the server.

Summary generated and translated by AI from the official description.
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Adobe · Magento Commerce