CRITICAL🇵🇱 Wersja polska

CVE-2021-21024

CVSS 9.1v3.0pub. 2021-02-11upd. 2024-11-21

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a blind SQL injection vulnerability in the Search module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Magento

    APP
    Magento
    2.3.62.4.02.4.1< 2.3.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLiAuth Bypass
CWE
References

Related vulnerabilities

CVE-2021-36023CRITICAL9.1ten sam produkt

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by ...

CVE-2021-21014CRITICAL9.1ten sam produkt

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a file ...

CVE-2021-21018CRITICAL9.1ten sam produkt

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS comm...

CVE-2021-21016CRITICAL9.1ten sam produkt

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS comm...

CVE-2021-21019CRITICAL9.1ten sam produkt

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML inj...