CVE-2021-21024 in Magento and Adobe Products

CVE-2021-21024 in Magento and Adobe Products
Published on February 11, 2021

Magento Commerce Blind SQL Injection Could Lead To Unauthorized Access

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a blind SQL injection vulnerability in the Search module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation.

Weakness Type

What is a SQL Injection Vulnerability?

The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

CVE-2021-21024 has been classified to as a SQL Injection vulnerability or weakness.

Products Associated with CVE-2021-21024

stack.watch emails you whenever new vulnerabilities are published in Magento or Adobe Magento Commerce. Just hit a watch button to start following.

Affected Versions

Version unspecified, <= 2.4.1 is affected.

Version unspecified, <= 2.4.0-p1 is affected.

Version unspecified, <= 2.3.6 is affected.

Version unspecified, <= None is affected.

Vulnerable Packages

The following package name and versions may be associated with CVE-2021-21024

Package Manager	Vulnerable Package	Versions	Fixed In
composer	openmage/magento-lts	<= 19.4.12	19.4.13
composer	openmage/magento-lts	>= 20.0.0, <= 20.0.8	20.0.9

Package Manager

Vulnerable Package

Versions

Fixed In

composer

openmage/magento-lts

<= 19.4.12

19.4.13

composer

openmage/magento-lts

>= 20.0.0, <= 20.0.8

20.0.9

Exploit Probability

EPSS

2.07%

Percentile

83.70%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.