Description

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Successful exploitation could allow an attacker to get unauthorized access to restricted resources.

Remediation

References

CVE-2021-28583

Related Vulnerabilities

Rukovoditel Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-11818)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-44310)

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-9837)

WordPress Plugin Portfolio Gallery-Photo Gallery Unspecified Vulnerability (2.3.0)

Moodle Improper Input Validation Vulnerability (CVE-2006-4935)

Severity

Medium

Classification

CVE-2021-28583 CWE-657 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities