CVE | CVE-2021-41231 |
CVE Ordinal Value | 217045 |
Published Date | 2023-01-27T19:15Z |
Modified Date | 2023-01-27T19:31Z |
CWE Type | CWE-77 |
Description | OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue. |
References | |
By clicking these links you will leave this website. We do not endorse and will not be held accountable for any activity on external sites. | |
Reference URL | https://github.com/OpenMage/magento-lts/releases/tag/v19.4.22 |
Reference Description | MISC https://github.com/OpenMage/magento-lts/releases/tag/v19.4.22 |
Reference URL | https://github.com/OpenMage/magento-lts/security/advisories/GHSA-h632-p764-pjqm |
Reference Description | MISC https://github.com/OpenMage/magento-lts/security/advisories/GHSA-h632-p764-pjqm |
Reference URL | https://github.com/OpenMage/magento-lts/releases/tag/v20.0.19 |
Reference Description | MISC https://github.com/OpenMage/magento-lts/releases/tag/v20.0.19 |
Reference URL | https://github.com/OpenMage/magento-lts/commit/d16fc6c5a1e66c6f0d9f82020f11702a7ddd78e4 |
Reference Description | MISC https://github.com/OpenMage/magento-lts/commit/d16fc6c5a1e66c6f0d9f82020f11702a7ddd78e4 |
Sources | NIST MITRE |
Note
- No CVSS data for this CVE