Description

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Path Traversal vulnerability when creating a store with child theme.Successful exploitation could lead to arbitrary file system write by an authenticated attacker. Access to the admin console is required for successful exploitation.

Remediation

References

CVE-2021-28584

Related Vulnerabilities

Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1614)

WordPress Plugin weForms-Easy Drag & Drop Contact Form Builder For WordPress Supply Chain Attack [Polyfill.io] (1.6.23)

WordPress Plugin Duplicator-WordPress Migration Remote Code Execution (1.2.40)

WordPress Plugin FCChat Widget 'Upload.php' Arbitrary File Upload (2.2.13.1)

WordPress Plugin Search & Filter Cross-Site Scripting (1.2.15)

Severity

High

Classification

CVE-2021-28584 CWE-22 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities