漏洞描述
Adobe Commerce 存在XML外部实体注入漏洞,此漏洞是由于程序未充分验证用户输入estimate-shipping-methods的数据所导致的。
Adobe Commerce CVE-2024-34102 XML外部实体注入漏洞
PoC代码
暂无相关漏洞推荐
- POC wp-woocommerce-admin-fpd: WordPress Plugin WooCommerce Admin (woocommerce-admin) Full Path Disclosure
- POC CVE-2022-28666: Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update
- POC aem-anonymous-write: Adobe Experience Manager (AEM) - Anonymous JCR Node Creation
- WordPress WooCommerce Designer Pro 插件 /wp-admin/admin-ajax.php wcdp_save_canvas_design_ajax 文件上传漏洞(CVE-2025-6440)
- WordPress Google for WooCommerce /wp-content/plugins/google-listings-and-ads/vendor/googleads/google-ads-php/scripts/print_php_information.php 信息泄露漏洞(CVE-2024-10486)
- Adobe Commerce/Magento SessionReaper /customer/address_file/upload 文件上传漏洞(CVE-2025-54236)
- (CVE-2015-10135)WPshop 2 E-Commerce插件任意文件上传漏洞
- Adobe ColdFusion /hax/..CFIDE/wizards/common/utils.cfc 权限绕过漏洞(CVE-2023-38205)
- (CVE-2025-54253)Adobe Experience Manager配置错误导致任意代码执行漏洞
- Code-Projects E-Commerce Website SQL注入漏洞
- Wordpress WooCommerce Ultimate Gift Card /wp-admin/admin-ajax.php mwb_wgm_preview_mail 文件上传漏洞(CVE-2024-8425)
- Adobe Commerce 输入验证不当漏洞 可导致远程代码执行
- (CVE-2025-54251)Adobe Experience Manager XML注入漏洞导致安全功能绕过