2 matches found
CVE-2021-36031
CVE-2021-36031 is a path-traversal vulnerability in Magento Commerce affecting versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier), and 2.3.7 (and earlier). The issue allows an attacker with admin privileges to trigger remote code execution via the theme[preview_image] parameter. The connected d...
CVE-2021-36031 Magento Commerce Path Traversal In `theme[preview_image]` Parameter Could Lead To Remote Code Execution
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a Path Traversal vulnerability via the themepreviewimage parameter. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution...