CVE-2021-21427 CRITICAL

CVE-2021-21427: Backport for CVE-2021-21024 Blind SQLi from Magento 2

Vendor Openmage

Product magento-lts

Weakness CWE-89 · SQLi

Published April 21, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

9.1/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

Description

Magento-lts is a long-term support alternative to Magento Community Edition (CE). A vulnerability in magento-lts versions before 19.4.13 and 20.0.9 potentially allows an administrator unauthorized access to restricted resources. This is a backport of CVE-2021-21024. The vulnerability is patched in versions 19.4.13 and 20.0.9.

Key dates

Disclosure timeline

April 21, 2021 CVE published

August 3, 2024 Record updated

Identifiers

CVE CVE-2021-21427

CWE CWE-89

CVSS 9.1 / CRITICAL

Affected versions

Vendor Openmage

Product magento-lts

Affected <= 19.4.12

Vendor Openmage

Product magento-lts

Affected <= 20.0.8