CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-02-12 18:42:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
CVEs-PoC/2021/CVE-2021-36023.md
0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00

870 B
Raw Permalink Blame History

CVE-2021-36023

Description

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution.

POC

Reference

No PoCs from references.

Github

Reference in New Issue View Git Blame Copy Permalink