CRITICAL🇬🇧 English

CVE-2021-36024

CVSS 9.1v3.1pub. 2021-09-01upd. 2024-11-21

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper Neutralization of Special Elements Used In A Command via the Data collection endpoint. An attacker with admin privileges can upload a specially crafted file to achieve remote code execution.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Adobe Commerce

    APP
    Adobe
    2.4.22.3.0 – 2.3.72.4.0 – 2.4.2
  • Adobe Magento Open Source

    APP
    Adobe
    2.4.22.3.0 – 2.3.72.4.0 – 2.4.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCECommand Injection
CWE
Referencje

Powiązane podatności

CVE-2022-24093CRITICAL9.1ten sam produkt

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input va...

CVE-2022-35698CRITICAL10.0ten sam produkt

Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scr...

CVE-2021-36029CRITICAL9.1ten sam produkt

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by ...

CVE-2021-36025CRITICAL9.1ten sam produkt

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by ...

CVE-2021-36022CRITICAL9.1ten sam produkt

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by ...