Vulnerability CVE-2021-32759


Published: 2021-08-27   Modified: 2021-08-28

Description:
OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitization in the data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 have a patch for this issue.

Type: CWE-20 (Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score: 6.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software
Openmage -> Magento 

References:
https://github.com/OpenMage/magento-lts/releases/tag/v19.4.15
https://github.com/OpenMage/magento-lts/security/advisories/GHSA-xm9f-vxmx-4m58
https://github.com/OpenMage/magento-lts/releases/tag/v20.0.13

Copyright 2024, cxsecurity.com

 
