CRITICAL🇵🇱 Wersja polska

CVE-2021-21018

CVSS 9.1v3.0pub. 2021-02-11upd. 2024-11-21

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS command injection via the scheduled operation module. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Magento

    APP
    Magento
    2.3.62.4.02.4.1< 2.3.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCECommand Injection
CWE
References

Related vulnerabilities

CVE-2021-36023CRITICAL9.1ten sam produkt

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by ...

CVE-2021-21014CRITICAL9.1ten sam produkt

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a file ...

CVE-2021-21019CRITICAL9.1ten sam produkt

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML inj...

CVE-2021-21016CRITICAL9.1ten sam produkt

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS comm...

CVE-2021-21024CRITICAL9.1ten sam produkt

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a blind S...