Exploit for #VU91983 XML External Entity injection in Adobe Commerce (formerly Magento Commerce) and Magento Open Source

Published: 2024-06-28 | Updated: 2024-10-18

Vulnerability identifier: #VU91983

Vulnerability risk: High

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2024-34102

CWE-ID: CWE-611

Exploitation vector: Network

Exploits in database: 12

October 18, 2024
- CosmicSting: Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow in the iconv() function of glibc (CVE-2024-2961) [Metasploit]
October 11, 2024
- magento-cve-2024-34102-exploit-cosmicstring () [Github]
October 9, 2024
- CVE-2024-34102 (Adobe Commerce XXE exploit) [Github]
August 23, 2024
- CVE-2024-34102 [Github]
August 16, 2024
- CVE-2024-34102 [Github]
July 19, 2024
- CVE-2024-34102 (Exploitation CVE-2024-34102) [Github]
- CVE-2024-34102-Python (CVE-2024-34102 Exploiter based on Python) [Github]
July 18, 2024
- Magento XXE Unserialize Arbitrary File Read [Metasploit]
July 12, 2024
- CVE-2024-34102-CosmicSting-XXE-in-Adobe-Commerce-and-Magento [Github]
July 5, 2024
- CVE-2024-34102 [Github]
- CVE-2024-34102 [Github]
June 28, 2024
- CVE-2024-34102 [Github]

Vulnerable software:
Adobe Commerce (formerly Magento Commerce)
Web applications / E-Commerce systems
Magento Open Source
Web applications / E-Commerce systems

Vendor: Adobe