Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Information Disclosure vulnerability when uploading a modified PNG file to a product image. Successful exploitation could lead to the disclosure of the document root path by an unauthenticated attacker. Access to the admin console is required for successful exploitation.

CWE: CWE-200

CVSS 2: MEDIUM – 4 (Version: 2.0)
CVSS 3: LOW – 2.7 (Version: 3.1)


NVD – CVE-2021-28566
CVE – CVE-2021-28566

Link (max. 20): Source: MISC; Tags: Vendor Advisory

Source: NVD – CVE-2021-28566
Published: 2021-09-08T17:15Z, Last modified: 2021-09-14T18:21Z