4 matches found
Adobe Commerce & Magento - CosmicSting
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. id: CVE-2024-34102 info: name: Adobe Commerce & Magento - CosmicSting author:...
Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit
Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting. Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external...
Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce
A Cosmicsting POC...
Adobe Commerce / Magento XML External Entity Injection (CosmicSting)
Adobe Magento Open Source / Commerce versions 2.4.7 2.4.7-p1, 2.4.6 2.4.6-p6, 2.4.5 2.4.5-p8, 2.4.4 2.4.4-p9 and earlier suffer from an XML External Entity (XXE) vulnerability. By exploiting this vulnerability and crafting a malicious XML document, a remote and unauthenticated attacker could achiev...