-
CVSS Score
-| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | >= 2.1, < 2.1.18 | 2.1.18 |
| magento/community-edition | composer | >= 2.2, < 2.2.9 | 2.2.9 |
| magento/community-edition | composer | >= 2.3, < 2.3.2 | 2.3.2 |
The vulnerability stems from improper validation of user-controlled configuration values that govern file upload restrictions. Key functions identified are those responsible for 1) retrieving allowed extensions from config (ImageUploader::getAllowedExtensions), and 2) enforcing these restrictions during upload (Uploader::_setUploadFile). These functions become vulnerable when configuration values are manipulated to empty, as they lack fallback mechanisms to enforce minimum security constraints. The assessment aligns with Magento's architecture where configuration-driven upload filters are common, and matches the CWE-434 pattern of unrestricted uploads via missing validation.