CRITICAL🇵🇱 Wersja polska

CVE-2021-21014

CVSS 9.1v3.0pub. 2021-02-11upd. 2024-11-21

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a file upload restriction bypass. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Magento

    APP
    Magento
    2.3.62.4.02.4.1< 2.3.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2021-36023CRITICAL9.1ten sam produkt

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by ...

CVE-2021-21016CRITICAL9.1ten sam produkt

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS comm...

CVE-2021-21019CRITICAL9.1ten sam produkt

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML inj...

CVE-2021-21018CRITICAL9.1ten sam produkt

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS comm...

CVE-2021-21024CRITICAL9.1ten sam produkt

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a blind S...