CVE-2024-34102CISA KEV: Actively Exploited

Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability

Published Jul 17, 2024·Updated Jul 17, 2024

Description

Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.

Public Exploits & PoCs27 found

PoC: CVE-2024-34102

CVE-2024-34102: Unauthenticated Magento XXE

2

PoC: CVE-2024-34102

POC for CVE-2024-34102 : Unauthenticated Magento XXE and bypassing WAF , You will get http connection on ur webhook

1

PoC: cosmicsting-cve-2024-34102-exploit

Complete CosmicSting (CVE-2024-34102) exploit suite for Magento/Adobe Commerce XXE vulnerability

PoC: CVE-2024-34102

CVE-2024-34102 exploit for python3

PoC: magento2-encryption-key-manager-cli

A utility for Magento 2 encryption key rotation and management. CVE-2024-34102(aka Cosmic Sting) victims can use it as an aftercare.

PoC: CVE-2024-34102

adobe commerce

PoC: CVE-2024-34102

PoC for CVE-2024-34102

PoC: magento2-cosmic-sting-patch

Magento 2 patch for CVE-2024-34102(aka CosmicSting). Another way(as an extension) to hotfix the security hole if you cannot apply the official patch or cannot upgrade Magento.

PoC: CVE-2024-34102-RCE-PoC

CVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce

PoC: CVE-2024-34102-RCE

CVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce

PoC: CVE-2024-34102-PoC

CVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce and (NEW 0DAY)?

PoC: CVE-2024-34102-RCE

CVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce

PoC: CVE-2024-34102-Python

CVE-2024-34102 Exploiter based on Python

PoC: CVE-2024-34102

Exploitation CVE-2024-34102

PoC: CVE-2024-34102-RCE-POC

CVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce

PoC: CVE-2024-34102

Burp Extension to test for CVE-2024-34102

PoC: CVE-2024-34102-RCE

CVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce

PoC: poc

poc for CVE-2024-34102

PoC: cosmicsting-validator

CosmicSting (CVE-2024-34102) POC / Patch Validator

PoC: CVE-2024-34102-CosmicSting-XXE-in-Adobe-Commerce-and-Magento

CosmicSting: critical unauthenticated XXE vulnerability in Adobe Commerce and Magento (CVE-2024-34102)

PoC: CVE-2024-34102

Magento XXE

PoC: CVE-2024-34102

Magento XXE (CVE-2024-34102)

PoC: CVE-2024-34102

TEST CVE-2024-34102 Magento XXE

PoC: CVE-2024-34102

CosmicSting (CVE-2024-34102)

PoC: CVE-2024-34102

A PoC demonstration , critical XML entity injection vulnerability in Magento

PoC: CVE-2024-34102

POC for CVE-2024-34102. A pre-authentication XML entity injection issue in Magento / Adobe Commerce.

PoC: CVE-2024-34102-RCE

CVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free