CVE-2021-36021: Improper Input Validation in Magento

Severity: 7.2 HIGH (NVD)
EPSS: 1.0% (top 23.15%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 6

Description

Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability within the CMS page scheduled update feature. An authenticated attacker with administrative privilege could leverage this vulnerability to achieve remote code execution on the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages (4 packages)

NVD  magento/magento  2.4.0  2.4.2  +3
Packagist  magento/community-edition  2.4.2-p1  2.4.2-p2  +1
CVEListV5  adobe/adobe_commerce  2.3.7

Vulnerability Details (3)

GHSA: Magento affected by remote code execution vulnerability in the CMS page scheduled update feature (2023-09-06)
CVEList: Magento Commerce CMS Page Improper Input Validation Could Lead To Remote Code Execution (2023-09-06)
OSV: Magento affected by remote code execution vulnerability in the CMS page scheduled update feature (2023-09-06)