9.8
CVSSv3

CVE-2024-34102

Published: 13/06/2024 Updated: 29/11/2024

Vulnerability Summary

Improper XML External Entity Reference in Adobe Commerce (XXE)

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8, and earlier have a vulnerability. This vulnerability is called Improper Restriction of XML External Entity Reference (XXE). It can lead to arbitrary code execution. An attacker can exploit this by sending a crafted XML document with external references. No user interaction is needed to exploit this vulnerability.

Vulnerable Product

adobe commerce 2.4.2

adobe commerce 2.4.3

adobe commerce 2.4.4

adobe commerce 2.4.5

adobe commerce 2.4.6

adobe commerce 2.4.7

adobe commerce webhooks

adobe magento 2.4.4

adobe magento 2.4.5

adobe magento 2.4.6

adobe magento 2.4.7

Vendor Advisories

Check Point Reference: CPAI-2024-0656 Date Published: 12 Aug 2024 Severity: Critical ...

Exploits

This Metasploit module uses a combination of an arbitrary file read (CVE-2024-34102) and a buffer overflow in glibc (CVE-2024-2961). It allows for unauthenticated remote code execution on various versions of Magento and Adobe Commerce (and earlier versions if the PHP and glibc versions are also vulnerable). Versions affected include 2.4.7 and earli ...
This module exploits a XXE vulnerability in Magento 2.4.7-p1 and below which allows an attacker to read any file on the system ...
This combination of an Arbitrary File Read (CVE-2024-34102) and a Buffer Overflow in glibc (CVE-2024-2961) allows for unauthenticated Remote Code Execution on the following versions of Magento and Adobe Commerce and earlier if the PHP and glibc versions are also vulnerable: - 2.4.7 and earlier - 2.4.6-p5 and ...

Metasploit Modules

Magento XXE Unserialize Arbitrary File Read

This module exploits a XXE vulnerability in Magento 2.4.7-p1 and below which allows an attacker to read any file on the system.

msf > use auxiliary/gather/magento_xxe_cve_2024_34102
msf auxiliary(magento_xxe_cve_2024_34102) > show actions
    ...actions...
msf auxiliary(magento_xxe_cve_2024_34102) > set ACTION < action-name >
msf auxiliary(magento_xxe_cve_2024_34102) > show options
    ...show and set options...
msf auxiliary(magento_xxe_cve_2024_34102) > run

CosmicSting: Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow in the iconv() function of glibc (CVE-2024-2961)

This combination of an Arbitrary File Read (CVE-2024-34102) and a Buffer Overflow in glibc (CVE-2024-2961) allows for unauthenticated Remote Code Execution on the following versions of Magento and Adobe Commerce and earlier if the PHP and glibc versions are also vulnerable:

- 2.4.7 and earlier
- 2.4.6-p5 and earlier
- 2.4.5-p7 and earlier
- 2.4.4-p8 and earlier

Vulnerable PHP versions:

- From PHP 7.0.0 (2015) to 8.3.7 (2024)

Vulnerable iconv() function in the GNU C Library:

- 2.39 and earlier

The exploit chain is quite interesting and for more detailed information check out the references. The tl;dr being: CVE-2024-34102 is an XML External Entity vulnerability leveraging PHP filters to read arbitrary files from the target system. The exploit chain uses this to read /proc/self/maps, providing the address of PHP's heap and the libc's filename. The libc is then downloaded, and the offsets of libc_malloc, libc_system and libc_realloc are extracted, and made use of later in the chain.

With this information and expert knowledge of PHP's heap (chunks, free lists, buckets, bucket brigades), CVE-2024-2961 can be exploited. A long chain of PHP filters is constructed and sent in the same way the XXE is exploited, building a payload in memory and using the buffer overflow to execute it, resulting in an unauthenticated RCE.

msf > use exploit/linux/http/magento_xxe_to_glibc_buf_overflow
msf exploit(magento_xxe_to_glibc_buf_overflow) > show targets
    ...targets...
msf exploit(magento_xxe_to_glibc_buf_overflow) > set TARGET < target-id >
msf exploit(magento_xxe_to_glibc_buf_overflow) > show options
    ...show and set options...
msf exploit(magento_xxe_to_glibc_buf_overflow) > exploit

Github Repositories

Sources www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102 www.youtube.com/watch?v=gjm6VHZa_8s What is XML XXE Injection XML External Entity Injection How does it work? XML DTD can be obtained from external sources -> keyword SYSTEM <?xml version="1.0" e

CosmicSting (CVE-2024-34102)

🚨 CVE-2024-34102 Exploit Script 🚨 Description: This script exploits a Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8, and earlier. The vulnerability allows for arbitrary code execution by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interac

adobe commerce

CVE-2024-34102 Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8, and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue

CVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce and (NEW 0DAY)?

CVE-2024-34102-RCE CVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce any question related to the exploit and payment will be answered here: etx_arny@protonme please don't ask me give you for free(nothing comes for free), or the exploit not works, you can find all the necessary how to's inside the script while running it do as it says and it

CVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce

CVE-2024-34102-RCE CVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce for scotch123: smithieitcom/scotchtxt NOTE: please contact me via the email provided below, if there is any problem you facing I will try to help you if you have question about other payment methods like other currencies we have possiblities to offer a few solution or if

Official Magento Patches have been released: Magento Docs. Unfortunately there are no patches publicly available for Magento versions < 2.4.4. I've manually created patches for the older versions based on the official released Magento patch. Magento-APSB24-40-Security-Patches (CVE-2024-34102) This repository contains Magento 2 patch files for the recently found secur

Exploiter a Vulnerability detection and Exploitation tool for GeoServer Unauthenticated Remote Code Execution CVE-2024-36401.

CVE-2024-36401: GeoServer Unauthenticated Remote Code Execution. Exploiter, a Vulnerability detection and Exploitation tool for GeoServer Unauthenticated Remote Code Execution CVE-2024-36401.

Installation:

git clone github.com/RevoltSecurities/CVE-2024-36401.git
cd CVE-2024-34102
pip install -r requirements.txt
python3 exploiter.py --help

A PoC demonstration , critical XML entity injection vulnerability in Magento

🇮🇱 #BringThemHome #NeverAgainIsNow 🇮🇱 We demand the safe return of all citizens who have been taken hostage by the terrorist group Hamas We will not rest until every hostage is released and returns home safely You can help bring them back home storiesbringthemhomenownet/ CVE-2024-34102 PoC 🚀 This repository contains a proof-of-concept (PoC) explo

CVE-2024-37085 unauthenticated shell upload to full administrator on domain-joined esxi hypervisors.

CVE-2024-37085 unauthenticated shell upload to full administrator on domain-joined esxi hypervisors Download ESXI[VORTEX] Details: an authentication bypass which leads to shell upload in context of vpxuser leading to full administrative permission on domain-joined ESXI hypervis

R&T EQST Insight R&T PoC list CVE-2024-34102

Magento 2 patch for CVE-2022-24086. Fix the RCE vulnerability and related bugs by performing deep template variable escaping. If you cannot upgrade Magento or cannot apply the official patches, try this one.

Magento 2 Template Filter Patch for CVE-2022-24086. Magento 2 patch for CVE-2022-24086. Fix the RCE vulnerability and related bugs by performing deep template variable escaping. If you cannot upgrade Magento or cannot apply the official patches, try this one. Background: CVE-2022-24086 was discovered in the beginning of 2022. For Magento 2.4 releases, all versions <= 2.4

CVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce

CVE-2024-34102-RCE CVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce

Sources helpx.adobe.com/security/products/magento/apsb24-40.html www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102 www.youtube.com/watch?v=gjm6VHZa_8s What is XML XXE Injection? XML External Entity Injection How does it work? XML DTD defines the structure, elements, att

Magento XXE (CVE-2024-34102)

CVE-2024-34102 Usage

python3 CVE-2024-34102.py -h

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     Target URL
  -ip IP, --ip IP       Your IP address
  -p PORT, --port PORT  Port for HTTP server
  -f FILE, --file FILE  Path to the file to be included in the POC

Mass Exploitation CVE-2024-34102

Cosmic Sting: CVE-2024-34102 Exploiter. Cosmic Sting is a Go-based tool designed to exploit CVE-2024-34102, an SSRF vulnerability. The tool checks multiple URLs provided either directly or via a file, collects links from the source code, checks if the collected links are alive or dead, and saves dead links to an output file. Features: Check a single URL or multiple URLs for vuln

CVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce

CVE-2024-34102-RCE CVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce. CVE-2024-34102 is a file read vulnerability in Magento/adobe commerce which can be chained with CVE-2024-2961 to achieve unauthenticated RCE. EXPLOIT: Those who don't know about iconv() vulnerability in glibc which is the core part for this exploit that's all you need to know about this

CosmicSting: critical unauthenticated XXE vulnerability in Adobe Commerce and Magento (CVE-2024-34102)

CVE-2024-34102-CosmicSting-XXE-in-Adobe-Commerce-and-Magento CosmicSting: critical unauthenticated XXE vulnerability in Adobe Commerce and Magento (CVE-2024-34102)

PoC for CVE-2024-34102

CVE-2024-34102 PoC for CVE-2024-34102

CVE-2024-34102 made Python code

CVE-2024-34102-Python CVE-2024-34102 made Python code

CVE 2024-34102 - CosmicSting XXE Vulnerability in Adobe Commerce & Magento - Educational Material. This repository contains slides and demo material for my talk on the latest XML External Entity (XXE) vulnerability in Adobe Commerce and Magento. The purpose of these materials is purely educational, designed to inform developers, security professionals, and e-commerce sta

Magento 2 patch for CVE-2024-34102(aka CosmicSting). Another way(as an extension) to hotfix the security hole if you cannot apply the official patch or cannot upgrade Magento.

Magento 2 patch for CVE-2024-34102 (aka CosmicSting). Another way (as an extension) to hotfix the security hole if you cannot apply the official patch or cannot upgrade Magento. Description. Impact: The attacker makes use of this security hole may read secret files (e.g.: encryption key in env.php) on the server. With those secrets, the attacker can perform unauthorized actions (e.g.: by

How I Was Paid $9,000 for a Critical Vulnerability in Adobe Commerce (CVE-2024-34102). From time to time, I participate in bug bounty programs. When I choose a target, I base my decision on its popularity. I found a great target called Magento. Later, I discovered that it belonged to Adobe. As soon as the bug was fixed, I was surprised by the attention it received and came acros

A utility for Magento 2 encryption key rotation and management. CVE-2024-34102(aka Cosmic Sting) victims can use it as an aftercare.

Magento 2 Encryption Key Manager CLI. A utility for Magento 2 encryption key rotation and management. CVE-2024-34102 (aka Cosmic Sting) victims can use it as an aftercare. Designed for: Development usage; Deployment automation; CVE-2024-34102 (aka Cosmic Sting) aftercare. CVE-2024-34102 (aka Cosmic Sting): After applying security patches, you need to perform a key rotation to complet

Recent Articles

Hackers inject malicious JS in Cisco store to steal credit cards, credentials
BleepingComputer • Ionut Ilascu • 04 Sep 2024

Cisco’s site for selling company-themed merchandise is currently offline and under maintenance due to hackers compromising it with JavaScript code that steals sensitive customer details provided at checkout. Cisco’s site for selling company-themed merchandise is currently offline and under maintenance due to a compromise with JavaScript code that steals sensitive details...

CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites
BleepingComputer • Bill Toulas • 20 Jun 2024

A vulnerability dubbed "CosmicSting" impacting Adobe Commerce and Magento websites remains largely unpatched nine days after the security update has been made available, leaving millions of sites open to catastrophic attacks. According to Sansec's stats, roughly three out of four websites using the impacted e-commerce platforms have not patched against CosmicSting, which puts them at risk of XML...

Cisco merch shoppers stung in Magecart attack
The Register

The 'security issue' was caused by a 9.8-rated Magento flaw Adobe patched back in June

Bad news for anyone who purchased a Cisco hoodie earlier this month: Suspected Russia-based attackers injected data-stealing JavaScript into the networking giant's online store selling Cisco-branded merch. Cisco has since fixed the issue caused by a flaw in Adobe's Magento platform, which could have allowed crooks to steal shoppers' credit card details and other sensitive information at checkout. "A Cisco-branded merchandise website that's hosted and administered by a third-party supplier was te...

Big names among thousands infected by payment-card-stealing CosmicSting crooks
The Register

Gangs hit 5% of all Adobe Commerce, Magento-powered stores, Sansec says

Ray-Ban, National Geographic, Whirlpool, and Segway are among thousands of brands whose web stores were reportedly compromised by criminals exploiting the CosmicSting flaw in hope of stealing shoppers' payment card info as they order stuff online. CosmicSting is the name for a critical vulnerability, CVE-2024-34102, in Adobe's Commerce and Magento software, and can be used to tamper with the pages of sites so that user data can be quietly siphoned. At least seven cybercrime gangs are said to be beh...