CVE-2021-21014

Published: 11/02/2021 | Updated: 07/11/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) are vulnerable to a file upload restriction bypass. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.

Vulnerable Product

magento magento

magento magento 2.4.1

magento magento 2.4.0

magento magento 2.3.6

Github Repositories

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a file upload restriction bypass. Successful exploitation could lead to arbitrary code execution by an authenticated attacker.

PoC (Limited) CVE-2021-21014: Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a file upload restriction bypass. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Affected version: <= Magento 2.4.1. User requirement: Admin account with only Media gallery (+-) Products permissio