Fix for arbitrary file deletion in customer media allows for remote code execution

High
mark-netalico published GHSA-5vpv-xmcj-9q85 Jan 26, 2023

Package

No package listed

Affected versions

< 19.4.13, 20 < 20.0.10

Patched versions

> 19.4.13, 20 > 20.0.11

Description

Impact

Magento admin users with access to the customer media could execute code on the server.

Severity

High

CVE ID

CVE-2021-41143

Weaknesses

No CWEs