Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Magento Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability - CVE-2021-36023 - Vulnerability Database
Magento

Magento Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability - CVE-2021-36023

High
Reference: CVE-2021-36023
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-36023
Title: Magento Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability
Overview:

Magento Commerce versions 2.4.2 (and earlier) 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution.