Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the API File Option Upload Extension. An attacker with Admin privileges can achieve unrestricted file upload which can result in remote code execution.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Sep 2024 01:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | Magento Commerce API File Option Upload Extension Improper Input Validation Vulnerability Could Lead To Remote Code Execution | Magento Commerce API File Option Upload Extension Improper Input Validation Vulnerability Could Lead To Remote Code Execution |
MITRE
Status: PUBLISHED
Assigner: adobe
Published: 2021-09-01T14:31:24.882861Z
Updated: 2024-09-17T01:25:59.655Z
Reserved: 2021-06-30T00:00:00
Link: CVE-2021-36042
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-09-01T15:15:10.233
Modified: 2024-11-21T06:13:00.700
Link: CVE-2021-36042
Redhat
No data.