2 matches found
CVE-2021-36036 Magento Commerce Media Gallery Upload Improper Access Control Could Lead To Remote Code Execution
Magento versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper access control vulnerability within Magento's Media Gallery Upload workflow. By storing a specially crafted file in the website gallery, an authenticated attacker with administrative privile...
CVE-2021-36036
CVE-2021-36036 affects Magento versions 2.4.2 and earlier, including 2.4.2-p1 and 2.3.7 and earlier. It describes an improper access-control in Magento’s Media Gallery Upload workflow: an authenticated administrator can store a crafted file in the site gallery to delete the .htaccess file, which ...