CVE-2022-24086

Adobe Commerce checkout improper input validation leads to remote code execution

Basic Information

CVE State: PUBLISHED
Reserved Date: January 27, 2022
Published Date: February 16, 2022
Last Updated: February 04, 2025
Vendor: Adobe
Product: Magento Commerce
Description: Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2022-02-15 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2022-10-01 13:53:49 UTC) Source

References

https://helpx.adobe.com/security/products/magento/apsb22-12.html

Known Exploited Vulnerability Information

Source	Added Date
CISA	2022-02-15 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

pescepilota/CVE-2022-24086

Type: github • Created: 2022-12-20 13:44:52 UTC • Stars: 5

Proof of concept of CVE-2022-24086

akr3ch/CVE-2022-24086

Type: github • Created: 2022-10-01 13:53:49 UTC • Stars: 2

PoC of CVE-2022-24086

seymanurmutlu/CVE-2022-24086-CVE-2022-24087

Type: github • Created: 2022-06-12 19:54:16 UTC • Stars: 2

oK0mo/CVE-2022-24086-RCE-PoC

Type: github • Created: 2022-05-19 01:15:57 UTC • Stars: 7

Verifed Proof of Concept on CVE-2022-24086

NHPT/CVE-2022-24086-RCE

Type: github • Created: 2022-03-15 09:50:02 UTC • Stars: 0

nanaao/CVE-2022-24086-RCE

Type: github • Created: 2022-02-28 05:24:20 UTC • Stars: 0

CVE-2022-24086 RCE

Mr-xn/CVE-2022-24086

Type: github • Created: 2022-02-20 13:52:31 UTC • Stars: 36

CVE-2022-24086 about Magento RCE