
Researchers create exploit for critical Magento bug, Adobe updates advisory
2022-02-17 23:24

Security researchers have created exploit code for CVE-2022-24086, the critical vulnerability affecting Adobe Commerce and Magento Open Source that Adobe patched in an out-of-band update last Sunday.

The vulnerability, which Adobe saw being "Exploited in the wild in very limited attacks," received a severity score of 9.8 out of 10, and adversaries exploiting it can achieve remote code execution on affected systems without needing to authenticate.

Earlier today, Adobe updated its security advisory for CVE-2022-24086, adding a new issue that is now tracked as CVE-2022-24087, which has the same severity score and can lead to the same result when leveraged in attacks.

The researchers told BleepingComputer that attackers leveraging the bug can get "Full access to the target system with web-server privileges."

Positive Technologies researchers told us that developing "a complete exploit is quite a difficult task" if technical details are not available.

The researchers say that they have no plans to publish the proof-of-concept exploit code they created or to share it privately within the infosec industry.


News URL

https://www.bleepingcomputer.com/news/security/researchers-create-exploit-for-critical-magento-bug-adobe-updates-advisory/

Related vendor

| Vendor | # Products | Low | Medium | High | Critical | Total vulns |
|---|---|---|---|---|---|---|
| Adobe | 105 | 47 | 824 | 1650 | 622 | 3143 |
| Magento | 3 | 4 | 103 | 65 | 27 | 199 |