Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the API File Option Upload Extension. An attacker with Admin privileges can achieve unrestricted file upload which can result in remote code execution.
History

Tue, 17 Sep 2024 01:30:00 +0000

Type Values Removed Values Added
Title Magento Commerce API File Option Upload Extension Improper Input Validation Vulnerability Could Lead To Remote Code Execution Magento Commerce API File Option Upload Extension Improper Input Validation Vulnerability Could Lead To Remote Code Execution

cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2021-09-01T14:31:24.882861Z

Updated: 2024-09-17T01:25:59.655Z

Reserved: 2021-06-30T00:00:00

Link: CVE-2021-36042

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-09-01T15:15:10.233

Modified: 2024-11-21T06:13:00.700

Link: CVE-2021-36042

cve-icon Redhat

No data.