Description
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout.
Remediation
References