Path Traversal Vulnerability in Magento UPWARD Connector Allows Arbitrary File Reading

Path Traversal Vulnerability in Magento UPWARD Connector Allows Arbitrary File Reading

CVE-2021-21064 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

Magento UPWARD-php version 1.1.4 (and earlier) is affected by a Path traversal vulnerability in Magento UPWARD Connector version 1.1.2 (and earlier) due to the upload feature. An attacker could potentially exploit this vulnerability to upload a malicious YAML file that can contain instructions which allows reading arbitrary files from the remote server. Access to the admin console is required for successful exploitation.

Learn more about our Cis Benchmark Audit For Server Software.