CVE-2021-36042
Summary
| CVE | CVE-2021-36042 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-09-01 15:15:00 UTC |
| Updated | 2021-09-08 15:03:00 UTC |
| Description | Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the API File Option Upload Extension. An attacker with Admin privileges can achieve unrestricted file upload which can result in remote code execution. |
Risk And Classification
Problem Types: CWE-20 | CWE-434
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Adobe | Adobe Commerce | 2.4.2 | p1 | All | All |
| Application | Adobe | Adobe Commerce | All | All | All | All |
| Application | Adobe | Adobe Commerce | All | All | All | All |
| Application | Adobe | Magento Open Source | 2.4.2 | p1 | All | All |
| Application | Adobe | Magento Open Source | All | All | All | All |
| Application | Adobe | Magento Open Source | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Adobe Security Bulletin | MISC | helpx.adobe.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 730180 Magento Multiple Security Vulnerabilities (APSB21-64)