Lucene search
GitHub Advisory DatabaseGHSA-7PXG-6P87-8C9VHistoryMay 24, 2022 - 5:33 p.m.
Magento 2 Community Edition RCE via Unsafe File Upload
2022-05-2417:33:56
CWE-434
GitHub Advisory Database
github.com
197
0.001 Low
EPSS
Percentile
36.1%
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/Import components.
| CPE | Name | Operator | Version |
|---|---|---|---|
| magento/community-edition | le | 2.4.0 |
Related
osv
osv
Magento 2 Community Edition RCE via Unsafe File Upload
2022-05-24 17:33:56
CVE-2020-24407
2020-11-09 01:15:12
BIT-magento-2020-24407
2024-03-06 11:07:21
cvelist
cvelist
CVE-2020-24407 Arbitrary code execution via file import functionality
2020-10-15 00:00:00
zdt
zdt
Magento 2.4.0 / 2.3.5p1 (and earlier) Arbitrary Code Execution 0day Exploit
2021-03-24 00:00:00
cve
cve
CVE-2020-24407
2020-11-09 01:15:12
prion
prion
Remote code execution
2020-11-09 01:15:00
threatpost
threatpost
8 U.S. City Websites Targeted in Magecart Attacks
2020-06-26 20:18:06
Critical Flaws in WordPress Quiz Plugin Allow Site Takeover
2020-08-14 18:26:07
Samsung Quietly Fixes Critical Galaxy Flaws Allowing Spying, Data Wiping
2020-08-11 14:48:41
adobe
adobe
APSB20-59 Security updates available for Magento
2020-10-15 00:00:00
openvas
openvas
Magento < 2.3.6, 2.4.x < 2.4.1 Multiple Vulnerabilities (APSB20-59)
2020-10-23 00:00:00