Miggo Logo
Miggo Vulnerability Database
CVE-2021-21014

CVE-2021-21014:
Magento vulnerable to a file upload restriction bypass

9.1

CVSS Score
3.1

Basic Information

CVE ID
CVE-2021-21014
GHSA ID
GHSA-269w-pqc7-68q9
EPSS Score
0.68351%
CWE
CWE-434
Published
5/24/2022
Updated
2/10/2025
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
magento/community-editioncomposer< 2.3.6-p12.3.6-p1
magento/community-editioncomposer>= 2.4.0, < 2.4.22.4.2
magento/project-community-editioncomposer<= 2.0.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The patches provided fix various security vulnerabilities related to path traversal and file upload restrictions. The identified functions are directly related to these issues, either by being vulnerable or by being modified as a mitigation. The analysis focused on changes that directly impact security, such as path validation and file handling.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

M***nto v*rsions *.*.* (*n* **rli*r), *.*.*-p* (*n* **rli*r) *n* *.*.* (*n* **rli*r) *r* vuln*r**l* to * *il* uplo** r*stri*tion *yp*ss. Su***ss*ul *xploit*tion *oul* l*** to *r*itr*ry *o** *x**ution *y *n *ut**nti**t** *tt**k*r. ****ss to t** **min

Reasoning

T** p*t***s provi*** *ix v*rious s**urity vuln*r**iliti*s r*l*t** to p*t* tr*v*rs*l *n* *il* uplo** r*stri*tions. T** i**nti*i** *un*tions *r* *ir**tly r*l*t** to t**s* issu*s, *it**r *y **in* vuln*r**l* or *y **in* mo*i*i** *s * miti**tion. T** *n*l