CVE-2021-32759

CVE-2021-32759 is a vulnerability in Magento 1.x and OpenMage versions prior to v19.4.15. Due to missing sanitization in the Dataflow module, authenticated admin users could upload arbitrary executable files to the server.
The vulnerability is fixed in OpenMage v19.4.15. The following patch is used to close the vulnerability:
diff --git a/app/code/core/Mage/Dataflow/Model/Convert/Adapter/Io.php b/app/code/core/Mage/Dataflow/Model/Convert/Adapter/Io.php
index 60cdb9c98b..32a3380505 100644
--- a/app/code/core/Mage/Dataflow/Model/Convert/Adapter/Io.php
+++ b/app/code/core/Mage/Dataflow/Model/Convert/Adapter/Io.php
@@ -49,7 +49,7 @@ public function getResource($forWrite = false)
             $isError = false;
 
             $ioConfig = $this->getVars();
-            switch ($this->getVar('type', 'file')) {
+            switch (strtolower($this->getVar('type', 'file'))) {
                 case 'file':
                     //validate export/import path
                     $path = rtrim($ioConfig['path'], '\\/')
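Review bot: Wrapping the switch value in `strtolower()` closes the case-variant bypass (a `type` such as `File` or `FILE` previously failed to match `case 'file':` and so skipped the export/import path validation that follows), but the hunk does not show the remaining cases or the default branch; please confirm that any unrecognised `type` value is rejected rather than falling through to a branch without path validation, and add a test that exercises mixed-case `type` values against the `file` branch.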