Filtered by vendor Adobe
Subscriptions
Filtered by product Adobe Commerce
Subscriptions
Total
23 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-36024 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-09-16 | 9.1 Critical |
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper Neutralization of Special Elements Used In A Command via the Data collection endpoint. An attacker with admin privileges can upload a specially crafted file to achieve remote code execution. | ||||
CVE-2021-36022 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-09-16 | 9.1 Critical |
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. | ||||
CVE-2021-36034 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-09-16 | 9.1 Critical |
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to achieve remote code execution. |