Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2022-24086
PUBLISHED
Adobe Commerce checkout improper input validation leads to remote code execution
- Vendor: Adobe
- Product: Magento Commerce
- Published: Feb 16, 2022
- EPSS: —
Description
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation status
Exploited in the wild
Recorded 2022-02-15 00:00:00 UTC · Source
SSVC decision points
- Exploitation: active
- Automatable: Yes
- Technical impact: total
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Feb 15, 2022 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-24086.yaml | Jun 01, 2026 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2022-12-20 13:44:52 UTC · 5 stars
Proof of concept of CVE-2022-24086
github · Created 2022-06-12 19:54:16 UTC · 2 stars
github · Created 2022-05-19 01:15:57 UTC · 7 stars
Verified Proof of Concept on CVE-2022-24086
github · Created 2022-03-15 09:50:02 UTC · 0 stars
github · Created 2022-02-20 13:52:31 UTC · 36 stars
CVE-2022-24086 about Magento RCE
Timeline
- CVE ID Reserved
- Added to KEVIntel
- CVE Published to Public
- Detected by Nuclei