Any tier · 18 specialized tests

Magento Security (Ecom)

CosmicSting, admin auth bypass, Magecart skimmer, REST API abuse

What Gets Tested

CosmicSting chain (CVE-2024-34102 + CVE-2022-24086)
Admin auth bypass (CVE-2024-20720)
REST API customer enumeration
Magecart / payment-skimmer detection
Smarty template-engine RCE probe
EAV SQLi + PHP object injection
magescan CLI integration
Nuclei magento/ template pack
PCI DSS 6.2 coverage check

How It Works

1. Detection: Fingerprint Magento via /static/, Mage_Cookies, admin path, Magento_Ui asset paths.

2. CosmicSting: Test for the 2024 XXE→RCE chain (pre-2.4.7-p1 → remote code execution).

3. Admin + API: Enumerate /admin, probe REST customer endpoints, test magescan exploits.

4. Payment Path: Scan checkout for Magecart skimmer DOM patterns + external JS risk.

Compliance Coverage

OWASP-A03 (Injection), OWASP-A08 (Data Integrity), PCI-DSS-6.2, GDPR Art 32

Magento Security (Ecom)

€109

Any tier · One-time per scan

18 specialized tests + AI-powered analysis

Select this addon when configuring your scan