Unrestricted File Upload Vulnerability in Magento Commerce API File Option Upload Extension

Unrestricted File Upload Vulnerability in Magento Commerce API File Option Upload Extension

CVE-2021-36042 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the API File Option Upload Extension. An attacker with Admin privileges can achieve unrestricted file upload which can result in remote code execution.

Learn more about our Api Penetration Testing.