what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Sergey Temnikov

Magento / Adobe Commerce Remote Code Execution

Posted Oct 18, 2024

Authored by Charles FOL, jheysel-r7, Heyder, Sergey Temnikov | Site metasploit.com

This Metasploit module uses a combination of an arbitrary file read (CVE-2024-34102) and a buffer overflow in glibc (CVE-2024-2961). It allows for unauthenticated remote code execution on various versions of Magento and Adobe Commerce (and earlier versions if the PHP and glibc versions are also vulnerable). Versions affected include 2.4.7 and earlier, 2.4.6-p5 and earlier, 2.4.5-p7 and earlier, and 2.4.4-p8 and earlier.

tags | exploit, remote, overflow, arbitrary, php, code execution

advisories | CVE-2024-2961, CVE-2024-34102

SHA-256 | f1b5cba01a5fd2ecef43b7a58280b21a88a3060e64cb2735247437f0ade78ff4

Download | Favorite | View

Magento XXE Unserialize Arbitrary File Read

Posted Aug 31, 2024

Authored by Heyder, Sergey Temnikov | Site metasploit.com

This Metasploit module exploits a XXE vulnerability in Magento 2.4.7-p1 and below which allows an attacker to read any file on the system.

tags | exploit

advisories | CVE-2024-34102

SHA-256 | e52e83a925a98a26ad0db3cb897fb254b0d69879f1359c01ed977325ddf27bae

Download | Favorite | View