Impact
Magento UPWAR- php version 1.1.4 (and earlier) is affected by a Path traversal vulnerability in Magento UPWARD Connector version 1.1.2 (and earlier) due to the upload feature.
An attacker could potentially exploit this vulnerability to upload a malicious YAML file that can contain instructions which allows reading arbitrary files from the remote server. Access to the admin console is required for successful exploitation.
Patches
This issue has been resolved in version 1.2.0 of magento2-upward-connector and in version 1.1.5 of upward-php
Workarounds
No workaround exist.
References
N/A
For more information
If you have any questions or comments about this advisory open an issue in upward-php or magento2-upward-connector.
Impact
Magento UPWAR- php version 1.1.4 (and earlier) is affected by a Path traversal vulnerability in Magento UPWARD Connector version 1.1.2 (and earlier) due to the upload feature.
An attacker could potentially exploit this vulnerability to upload a malicious YAML file that can contain instructions which allows reading arbitrary files from the remote server. Access to the admin console is required for successful exploitation.
Patches
This issue has been resolved in version 1.2.0 of magento2-upward-connector and in version 1.1.5 of upward-php
Workarounds
No workaround exist.
References
N/A
For more information
If you have any questions or comments about this advisory open an issue in upward-php or magento2-upward-connector.