CVE-2021-36041
HIGH7.2EPSS 5.5%Magento vulnerable to file upload attack
發布日:2022/5/24修改日:2025/11/7
描述
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges could upload a specially crafted file in the 'pub/media` directory could lead to remote code execution.
受影響套件(2)
- Packagist/magento/community-editionfrom 0, < 2.3.7-p1
- Packagist/magento/project-community-editionfrom 0, <= 2.0.2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |