Blind SSRF Vulnerability in Magento Commerce's Bundled dotmailer Extension

Blind SSRF Vulnerability in Magento Commerce's Bundled dotmailer Extension

CVE-2021-36043 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a blind SSRF vulnerability in the bundled dotmailer extension. An attacker with admin privileges could abuse this to achieve remote code execution should Redis be enabled.

Learn more about our Web Application Penetration Testing UK.