Exploit for #VU60558 OS Command Injection in Magento Open Source and Adobe Commerce (formerly Magento Commerce)

Published: 2022-02-27 | Updated: 2023-01-16

Vulnerability identifier: #VU60558

Vulnerability risk: Critical

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2022-24086

CWE-ID: CWE-78

Exploitation vector: Network

Exploits in database: 3

January 16, 2023
- CVE-2022-24086 (Proof of concept of CVE-2022-24086) [Github]
October 2, 2022
- CVE-2022-24086 (PoC of CVE-2022-24086) [Github]
February 27, 2022
- CVE-2022-24086-RCE (CVE-2022-24086 RCE) [Github]

Impact: Code execution

Vulnerable software:
Magento Open Source
Web applications / E-Commerce systems
Adobe Commerce (formerly Magento Commerce)
Web applications / E-Commerce systems

Vendor: Magento, Inc