WEB Adobe Commerce and Magento_createFromArray XML External Entity Injection -3 (CVE-2024-34102)
Rule ID
1235441
Severity
Critical
Description
An XML External Entity Injection vulnerability has been reported in Adobe Commerce and Magento. The vulnerability is due to improper validation of user data sent through multiple API endpoints. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in the disclosure of information from the target server's filesystem.
Impact
Remote code execution
Recommendation
Apply the vendor's patch.
IPS Category
Web threats
IPS Anomaly Group
N/A
IPS Rule Default Action
Deny
References
Keywords
N/A
Date Created
2024/08/06
Last Updated
2024/12/26