漏洞描述
Magento是一款开源的电子商务平台,广泛应用于在线商店和电子商务网站。该漏洞存在于接口/rest/all/V1/guest-carts/test-assetnote/estimate-shipping-methods中,攻击者可以通过构造恶意的XML数据触发XXE(XML外部实体)注入漏洞,从而读取服务器上的任意文件或发起外部请求,可能导致敏感信息泄露。
Magento /rest/all/V1/guest-carts/test-assetnote/estimate-shipping-methods XML 外部实体注入漏洞(CVE-2024-34102)
PoC代码
暂无相关漏洞推荐
- POCCVE-2015-2067: Magento Server MAGMI - Directory Traversal
- POCCVE-2015-2068: Magento Server Mass Importer - Cross-Site Scripting
- POCCVE-2019-7139: Magento - SQL Injection
- POCCVE-2020-5777: Magento Mass Importer <0.7.24 - Remote Auth Bypass
- POCCVE-2024-34102: Adobe Commerce & Magento - CosmicSting
- POCCVE-2015-2067: Magento Server MAGMI - Directory Traversal
- POCCVE-2015-2068: Magento Server Mass Importer - Cross-Site Scripting
- POCCVE-2019-7139: Magento - SQL Injection
- POCCVE-2020-5777: Magento Mass Importer <0.7.24 - Remote Auth Bypass
- POCCVE-2024-34102: Adobe Commerce & Magento - CosmicSting
- POCmagento-config-disclosure: Magento Configuration Panel - Detect
- POCmagento-installer: Magento Installation Wizard
- POCmagento-cacheleak: Magento Cacheleak