Improper input validation in OpenMage Magento-lts
CVE-2021-32759
OpenMage magento-lts is an alternative to the official Magento CE releases. Due to missing sanitization in a data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.005 (68.4th percentile).
CVSS v3 metric
CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.
Affected products
- OpenMage Magento-lts — versions < 19.4.15, and versions >= 20 but < 20.0.13
Weakness classification (CWE)
References
- github.com/OpenMage/magento-lts/releases/tag/v19.4.15 (x_refsource_MISC)
- github.com/OpenMage/magento-lts/security/advisories/GHSA-xm9f-vxmx-4m58 (x_refsource_CONFIRM)
- github.com/OpenMage/magento-lts/releases/tag/v20.0.13 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2021-32759?
  CVE-2021-32759 is a high-severity vulnerability in OpenMage Magento-lts, classified under Improper Input Validation. CVSS score: 7.2/10. Published 2021-08-27.
- How severe is CVE-2021-32759?
  High severity. The CVSS v3 base score is 7.2 out of 10.