CVE-2021-21064

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-21064

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21064.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-21064

Related

GHSA-p4pw-hpjx-5685

Published

2021-02-25T14:15:12Z

Modified

2025-01-14T08:52:03.121839Z

Summary

[none]

Details

Magento UPWARD-php version 1.1.4 (and earlier) is affected by a Path traversal vulnerability in Magento UPWARD Connector version 1.1.2 (and earlier) due to the upload feature. An attacker could potentially exploit this vulnerability to upload a malicious YAML file that can contain instructions which allows reading arbitrary files from the remote server. Access to the admin console is required for successful exploitation.

References

Affected packages

Git / github.com/magento/upward-php

Affected ranges

Type: GIT
Repo: https://github.com/magento/upward-php
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

c314fe07ad19aecc49c5ae0ae473f17c4b6859bc

Last affected

f6a53dc6285824a72ad4876d77af68d4292cb741

Affected versions

1.*

1.0.0

1.1.0

1.1.1

1.1.2

1.1.3

1.1.4