# Adobe Commerce结账处对输入验证不当导致远程代码执行
## 概述
Adobe Commerce 版本存在一个在结账过程中不正确的输入验证漏洞。该漏洞可能导致任意代码执行,且无需用户交互。
## 影响版本
- 2.4.3-p1 及更早版本
- 2.3.7-p2 及更早版本
## 细节
在结账过程中存在不正确的输入验证漏洞。攻击者无需用户交互即可利用此漏洞进行任意代码执行。
## 影响
漏洞的影响包括可能导致任意代码执行,存在严重的安全风险。
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | CVE-2022-24086 about Magento RCE | https://github.com/Mr-xn/CVE-2022-24086 | POC详情 |
| 2 | CVE-2022-24086 RCE | https://github.com/nanaao/CVE-2022-24086-RCE | POC详情 |
| 3 | None | https://github.com/NHPT/CVE-2022-24086-RCE | POC详情 |
| 4 | Verifed Proof of Concept on CVE-2022-24086 | https://github.com/oK0mo/CVE-2022-24086-RCE-PoC | POC详情 |
| 5 | None | https://github.com/seymanurmutlu/CVE-2022-24086-CVE-2022-24087 | POC详情 |
| 6 | PoC of CVE-2022-24086 | https://github.com/akr3ch/CVE-2022-24086 | POC详情 |
| 7 | Proof of concept of CVE-2022-24086 | https://github.com/pescepilota/CVE-2022-24086 | POC详情 |
| 8 | CVE-2022-24086 POC example | https://github.com/BurpRoot/CVE-2022-24086 | POC详情 |
| 9 | An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document. | https://github.com/rxerium/CVE-2022-24086 | POC详情 |
| 10 | Magento 2 patch for CVE-2022-24086. Fix the RCE vulnerability and related bugs by performing deep template variable escaping. If you cannot upgrade Magento or cannot apply the official patches, try this one. | https://github.com/wubinworks/magento2-template-filter-patch | POC详情 |
| 11 | Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-24086.yaml | POC详情 |
暂无评论