Lucene search

[email protected]CVE-2021-33352

HistoryMar 08, 2023 - 10:15 p.m.

CVE-2021-33352

2023-03-0822:15:09

CWE-434

[email protected]

web.nvd.nist.gov

cve-2021-33352

wyomind help desk

magento 2 extension

arbitrary code execution

phar file upload

security vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.1%

JSON

An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field.

Affected configurations

NVD

Node

wyomindhelp_deskRange<1.3.7magento_2

CPENameOperatorVersion
wyomind:help_deskwyomind help desklt1.3.7

CPE	Name	Operator	Version
wyomind:help_desk	wyomind help desk	lt	1.3.7

References

www.exploit-db.com/exploits/50113

www.wyomind.com/magento2/helpdesk-magento-2.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.1%

JSON

Related for CVE-2021-33352

cvelist1 prion1 nvd1