CVE-2021-41143
Published: 2023-01-27
Priority: P3 (40), high
CVSS 3.1: 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS: 1.29% (66.7th percentile)
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openmage | magento | < 19.4.22 | 19.4.22 |
| openmage | magento | >= 20.0.0 < 20.0.19 | 20.0.19 |
| openmage | magento-lts | < 19.4.22 | 19.4.22 |
| openmage | magento-lts | — | — |
| openmage | magento-lts | >= 0 < 19.4.22 | 19.4.22 |
| openmage | magento-lts | >= 20.0.0 < 20.0.19 | 20.0.19 |
GHSA
Fix for arbitrary file deletion in customer media allows for remote code execution
ghsa·2023-01-27
CVE-2021-41143 [HIGH] CWE-22 Fix for arbitrary file deletion in customer media allows for remote code execution
### Impact
Magento admin users with access to the customer media could execute code on the server.
OSV
Fix for arbitrary file deletion in customer media allows for remote code execution
osv·2023-01-27
CVE-2021-41143 [HIGH] Fix for arbitrary file deletion in customer media allows for remote code execution
### Impact
Magento admin users with access to the customer media could execute code on the server.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/OpenMage/magento-lts/commit/45330ff50439984e806992fa22c3f96c4d660f91
https://github.com/OpenMage/magento-lts/releases/tag/v19.4.22
https://github.com/OpenMage/magento-lts/releases/tag/v20.0.19
https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5vpv-xmcj-9q85