CVE-2021-21024 – magento/community-edition

Package

Manager: composer
Name: magento/community-edition
Vulnerable Version: >=0 <2.3.6-p1 || >=2.4.0 <2.4.1-p1

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: 0.02071 pctl0.83266

Details

Magento Blind SQL Injection in the Search module Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a blind SQL injection vulnerability in the Search module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation.

Metadata

Created: 2022-05-24T17:41:56Z
Modified: 2024-01-10T17:04:47Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rj4f-cp4v-hvcv/GHSA-rj4f-cp4v-hvcv.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-rj4f-cp4v-hvcv
Finding: F106
Auto approve: 1