CRITICAL🇵🇱 Wersja polska

CVE-2021-21019

CVSS 9.1v3.1pub. 2021-02-11upd. 2024-11-21

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the Widgets module. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Magento

    APP
    Magento
    2.3.62.4.02.4.1< 2.3.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2021-36023CRITICAL9.1ten sam produkt

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by ...

CVE-2021-21014CRITICAL9.1ten sam produkt

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a file ...

CVE-2021-21018CRITICAL9.1ten sam produkt

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS comm...

CVE-2021-21016CRITICAL9.1ten sam produkt

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS comm...

CVE-2021-21024CRITICAL9.1ten sam produkt

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a blind S...