Unrated severityNVD Advisory· Published Feb 25, 2021· Updated Sep 16, 2024
Magento UPWARD-php Path traversal vulnerability via UPWARD Connector
CVE-2021-21064
Description
Magento UPWARD-php version 1.1.4 (and earlier) is affected by a Path traversal vulnerability in Magento UPWARD Connector version 1.1.2 (and earlier) due to the upload feature. An attacker could potentially exploit this vulnerability to upload a malicious YAML file that can contain instructions which allows reading arbitrary files from the remote server. Access to the admin console is required for successful exploitation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: unspecified
Patches
Vulnerability mechanics
References
2- github.com/magento/upward-php/securitymitrex_refsource_MISC
- github.com/magento/upward-php/security/advisories/GHSA-p4pw-hpjx-5685mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.