Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2022-24086 | Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability | secondary_impact | T1213 | Data from Information Repositories |
Comments
This vulnerability can be exploited via a public-facing e-commerce application in order to achieve remote code execution. To evade detection, the exploit segment responsible for downloading and executing the remote malicious PHP code is obfuscated.
References
|
| CVE-2022-24086 | Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability | primary_impact | T1027 | Obfuscated Files or Information |
Comments
This vulnerability can be exploited via a public-facing e-commerce application in order to achieve remote code execution. To evade detection, the exploit segment responsible for downloading and executing the remote malicious PHP code is obfuscated.
References
|
| CVE-2022-24086 | Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application |
Comments
This vulnerability can be exploited via a public-facing e-commerce application in order to achieve remote code execution. To evade detection, the exploit segment responsible for downloading and executing the remote malicious PHP code is obfuscated.
References
|