osv | Google | OSV:GHSA-7PXG-6P87-8C9V
History: May 24, 2022 - 5:33 p.m.

Magento 2 Community Edition RCE via Unsafe File Upload

2022-05-24 17:33:56
Google
osv.dev
36
magento
community edition
rce
unsafe file upload
arbitrary code execution
administrative permissions

EPSS

0.001

Percentile

36.3%

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/Import components.
