Back to directory
WRITEUP #236

Why nested deserialization is harmful: Magento XXE (CVE-2024-34102)

DeserializationInsecure deserializationXXEPatch diffingSecurity code review
by@hash_kitten(Adam Kues)
Program
Magento
Published
Jun 26, 2024
Added to HackDex
Jul 1, 2024
Read Full Writeuphttps://www.assetnote.io/resources/research/why-nested-deserialization-is-harmful-magento-xxe-cve-2024-34102
RELATED WRITEUPS
Attacking PowerShell CLIXML Deserialization
DeserializationInsecure deserialization
Getting code execution on Veeam through CVE-2023-27532
RCEInsecure deserialization
Dynamics 365 Business Central - A Journey With Ups and Downs
DeserializationInsecure deserialization
Spip Preauth RCE 2024: Part 2, A Big Upload
RCEFile upload
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities
XSSReflected XSS

Built with ❤️ by Shubham Rawat