Attacks targeting CVE-2022-24086, a critical mail template vulnerability affecting Adobe Commerce and Magento stores, are on the rise, according to e-commerce malware and vulnerability detection company Sansec.
In February 2022, Adobe issued emergency patches for CVE-2022-24086 (CVSS score of 9.8), alerting administrators and store owners that the security flaw was already being exploited in attacks. Days later, Adobe updated its warning, confirming that the vulnerability bypassing the patch had been assigned a new CVE identifier, CVE-2022-24087. Around the same time, proof-of-concept (PoC) code targeting the bug was also released.
The issue is described as an improper input validation flaw in the checkout process that could be exploited to execute arbitrary code without authentication.