CVE-2021-41231
Summary
| CVE | CVE-2021-41231 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-01-27 19:15:00 UTC |
| Updated | 2023-11-07 03:38:00 UTC |
| Description | OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue. |
Risk And Classification
Problem Types: CWE-434
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Release v20.0.19 · OpenMage/magento-lts · GitHub | MISC | github.com | |
| Release v19.4.22 · OpenMage/magento-lts · GitHub | MISC | github.com | |
| Merge pull request from GHSA-h632-p764-pjqm · OpenMage/magento-lts@d16fc6c · GitHub | MISC | github.com | |
| DataFlow upload remote code execution vulnerability · Advisory · OpenMage/magento-lts · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |