Lucene search

K
osvGoogleOSV:CVE-2021-28584
HistoryJun 28, 2021 - 2:15 p.m.

CVE-2021-28584

2021-06-2814:15:11
Google
osv.dev
8
magento
path traversal
vulnerability
file system write
admin console

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

59.0%

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Path Traversal vulnerability when creating a store with child theme.Successful exploitation could lead to arbitrary file system write by an authenticated attacker. Access to the admin console is required for successful exploitation.

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

59.0%

Related for OSV:CVE-2021-28584