Description
In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Email Marketing-WP Email Capture Multiple Vulnerabilities (3.9.3)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2200)
WordPress Plugin SEO-Dashboard by gutewebsites.de Cross-Site Scripting (1.2.5)
Squid Improper Certificate Validation Vulnerability (CVE-2021-41611)