First published: Wed Sep 01 2021(Updated: )
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to achieve remote code execution.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe Adobe Commerce | >=2.3.0<=2.3.7 | |
Adobe Adobe Commerce | >=2.4.0<=2.4.2 | |
Adobe Adobe Commerce | =2.4.2-p1 | |
Adobe Magento Open Source | >=2.3.0<=2.3.7 | |
Adobe Magento Open Source | >=2.4.0<=2.4.2 | |
Adobe Magento Open Source | =2.4.2-p1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-36034 is an improper input validation vulnerability in Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier), and 2.3.7 (and earlier) that allows an attacker with admin privileges to achieve remote code execution.
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier), and 2.3.7 (and earlier) are affected by CVE-2021-36034.
CVE-2021-36034 has a severity rating of 7.2 (critical).
An attacker with admin privileges can exploit CVE-2021-36034 by uploading a specially crafted file to achieve remote code execution.
Yes, a fix or patch is available for CVE-2021-36034. It is recommended to update Magento Commerce to a version that includes the fix.