Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Magento Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability - CVE-2021-21015 - Vulnerability Database
Magento

Magento Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability - CVE-2021-21015

High
Reference: CVE-2021-21015
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-21015
Title: Magento Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability
Overview:

Magento versions 2.4.1 (and earlier) 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an OS command injection via the customer attribute save controller. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.