Vulners
Lucene search
Adobe Commerce/Magento Open Source Input validation Vulnerability (APSB22-12)
| Reporter | Title | Published | Views | Family All 36 |
|---|---|---|---|---|
 | Exploit for Improper Input Validation in Adobe Commerce | 17 Mar 202419:29 | – | githubexploit |
| Exploit for CVE-2022-24087 | 14 Apr 202216:56 | – | githubexploit |
| Exploit for Improper Input Validation in Adobe Commerce | 19 May 202201:15 | – | githubexploit |
| Exploit for Improper Input Validation in Adobe Commerce | 1 Oct 202213:53 | – | githubexploit |
| Exploit for Improper Input Validation in Adobe Commerce | 3 Sep 202317:27 | – | githubexploit |
 | CVE-2022-24086 | 13 Feb 202200:00 | – | attackerkb |
 | CVE-2022-24086 | 14 Feb 202204:28 | – | circl |
 | Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability | 15 Feb 202200:00 | – | cisa_kev |
 | CISA Adds Nine Known Exploited Vulnerabilities to Catalog | 15 Feb 202200:00 | – | cisa |
 | Adobe Magento 输入验证错误漏洞 | 13 Feb 202200:00 | – | cnnvd |
10
| Source | Link |
|---|---|
| nessus | www.nessus.org/u |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(242970);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2025/07/30");
script_cve_id("CVE-2022-24086");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/03/01");
script_name(english:"Adobe Commerce/Magento Open Source Input validation Vulnerability (APSB22-12)");
script_set_attribute(attribute:"synopsis", value:
"The Adobe Commerce/Magento Open Source instance installed on the remote host is affected by a input validation vulnerability");
script_set_attribute(attribute:"description", value:
"The version of Adobe Commerce/Magento Open Source installed on the remote host is prior to a patched version. It is,
therefore, affected by a arbitracy code execution as referenced in the APSB22-12 advisory.
- Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input
validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction
and could result in arbitrary code execution. (CVE-2022-24086)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://helpx.adobe.com/uk/security/products/magento/apsb22-12.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bcdaf9dc");
script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Commerce/Magento Open Source version as advised");
script_set_attribute(attribute:"agent", value:"unix");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-24086");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/02/17");
script_set_attribute(attribute:"patch_publication_date", value:"2022/02/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/07/29");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:commerce");
script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:magento");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("adobe_commerce_nix_installed.nbin");
script_require_ports("installed_sw/Adobe Magento", "installed_sw/Adobe Commerce");
exit(0);
}
include('vdf.inc');
# @tvdl-content
var vuln_data = {
'metadata': {'spec_version': '1.0'},
'requires': [{'scope': 'target', 'match': {'os': 'linux'}}],
'checks': [
{
'check_algorithm': 'default',
'product':{'name': 'Adobe Commerce', 'type': 'app'},
'constraints': [
{
'requires': [{'scope': 'install', 'contains': {'Display Patch': 'p'}}],
'min_version': '2.4.3', 'max_version': '2.4.3.1', 'fixed_display' : 'See Vendors Advisory'
},
{
'requires': [{'scope': 'install', 'contains': {'Display Patch': 'p'}}],
'min_version': '2.3.7', 'max_version': '2.3.7.2', 'fixed_display' : 'See Vendors Advisory'
}
]
},
{
'check_algorithm': 'default',
'product':{'name': 'Adobe Magento', 'type': 'app'},
'constraints': [
{
'requires': [{'scope': 'install', 'contains': {'Display Patch': 'p'}}],
'min_version': '2.4.3', 'max_version': '2.4.3.1', 'fixed_display': 'See Vendors Advisory'
},
{
'requires': [{'scope': 'install', 'contains': {'Display Patch': 'p'}}],
'min_version': '2.3.7', 'max_version': '2.3.7.2', 'fixed_display': 'See Vendors Advisory'
}
]
}
]
};
var vdf_res = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result: vdf_res); Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
30 Jul 2025 00:00Current
9.6High risk
Vulners AI Score9.6
CVSS 210
CVSS 3.19.8
EPSS0.99199
SSVC