| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | <= 2.4.0 | 2.4.1 |
| magento/project-community-edition | composer | <= 2.0.2 |

The vulnerability centers on unsafe file uploads in Magento's import functionality (System/Data and Transfer/Import components). The Upload controller's `execute()` method directly processes user-supplied files, so the extension validation in the Uploader class is the security-critical check. The CWE-434 classification indicates improper file type validation, which would manifest in these components. While exact patch details are unavailable, Magento's import flow and security advisories strongly implicate these functions as the attack surface for RCE via malicious file uploads.