Security Advisory

CVE-2021-36042

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-09-01 14:31:24

Last updated 2024-09-17 01:25:59

Assigner adobe

State PUBLISHED

Description

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the API File Option Upload Extension. An attacker with Admin privileges can achieve unrestricted file upload which can result in remote code execution.

← Browse all CVEs View on cve.org ↗