Exploit for #VU91983 XML External Entity injection in Adobe Commerce (formerly Magento Commerce) and Magento Open Source

Published: 2024-06-28 | Updated: 2024-08-23

Vulnerability identifier: #VU91983

Vulnerability risk: High

CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2024-34102

CWE-ID: CWE-611

Exploitation vector: Network

Exploits in database: 9

August 23, 2024
- CVE-2024-34102 [Github]
August 16, 2024
- CVE-2024-34102 [Github]
July 19, 2024
- CVE-2024-34102 (Exploitation CVE-2024-34102) [Github]
- CVE-2024-34102-Python (CVE-2024-34102 Exploiter based on Python) [Github]
July 18, 2024
- Magento XXE Unserialize Arbitrary File Read [Metasploit]
July 12, 2024
- CVE-2024-34102-CosmicSting-XXE-in-Adobe-Commerce-and-Magento [Github]
July 5, 2024
- CVE-2024-34102 [Github]
- CVE-2024-34102 [Github]
June 28, 2024
- CVE-2024-34102 [Github]

Impact: Information disclosure and data manipulation

Vulnerable software:
Adobe Commerce (formerly Magento Commerce)
Web applications / E-Commerce systems
Magento Open Source
Web applications / E-Commerce systems

Vendor: Magento, Inc
Adobe