google / tsunami-security-scanner-plugins

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
Apache License 2.0

PRP: Request Adobe Commerce RCE(CVE-2024-20720) #462

Closed W0ngL1 closed 4 months ago

W0ngL1 commented 5 months ago

Hi there.

I would like to start implementing a plugin to detect Adobe Commerce RCE, CVE-2024-20720.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-20720
https://helpx.adobe.com/security/products/magento/apsb24-03.html

Description: Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction.

Versions: 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier

Thanks.

tooryx commented 4 months ago

Hi @W0ngL1,

For now we are not interested in that vulnerability. As always, thank you for being willing to contribute! Feel free to open new issues for other ideas that you might have.

~tooryx

W0ngL1 commented 4 months ago

Copy that.