CVSS: 4.9 • EPSS: 0% • CPEs: 2 • EXPL: 0

Magento UPWARD-php version 1.1.4 (and earlier) is affected by a path traversal vulnerability in Magento UPWARD Connector version 1.1.2 (and earlier) due to the upload feature. An attacker could potentially exploit this vulnerability to upload a malicious YAML file containing instructions that allow reading arbitrary files from the remote server. Access to the admin console is required for successful exploitation.

• https://github.com/magento/upward-php/security
• https://github.com/magento/upward-php/security/advisories/GHSA-p4pw-hpjx-5685
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')