Mmansoor-Magento

Name of the Vulnerable Software and Affected Versions: Magento UPWARD-php versions 1.1.4 and earlier Magento UPWARD Connector versions 1.1.2 and earlier Description: The issue is related to a Path traversal vulnerability due to the upload feature. An attacker could potentially exploit this vulnerability to upload a malicious YAML file that can contain instructions which allow reading arbitrary files from the remote server. Access to the admin console is required for successful exploitation. Recommendations: For Magento UPWARD-php versions 1.1.4 and earlier, consider disabling the upload feature until a patch is available. For Magento UPWARD Connector versions 1.1.2 and earlier, restrict access to the upload functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.