CVE-2022-24086
Adobe Commerce checkout improper input validation leads to remote code execution
Basic Information
- CVE State: PUBLISHED
- Reserved Date: January 27, 2022
- Published Date: February 16, 2022
- Last Updated: February 04, 2025
- Vendor: Adobe
- Product: Magento Commerce
- Description: Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
- Tags
- Exploitation: active
- Automatable: Yes
- Technical Impact: total
CVSS Scores
CVSS v3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC Information
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
CISA | 2022-02-15 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
pescepilota/CVE-2022-24086
Type: github • Created: 2022-12-20 13:44:52 UTC • Stars: 5
akr3ch/CVE-2022-24086
Type: github • Created: 2022-10-01 13:53:49 UTC • Stars: 2
seymanurmutlu/CVE-2022-24086-CVE-2022-24087
Type: github • Created: 2022-06-12 19:54:16 UTC • Stars: 2
oK0mo/CVE-2022-24086-RCE-PoC
Type: github • Created: 2022-05-19 01:15:57 UTC • Stars: 7
NHPT/CVE-2022-24086-RCE
Type: github • Created: 2022-03-15 09:50:02 UTC • Stars: 0
nanaao/CVE-2022-24086-RCE
Type: github • Created: 2022-02-28 05:24:20 UTC • Stars: 0
Mr-xn/CVE-2022-24086
Type: github • Created: 2022-02-20 13:52:31 UTC • Stars: 36
Timeline
- CVE ID Reserved
- Added to KEVIntel
- CVE Published to Public
- Proof of Concept Exploit Available