Description
An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3. An authenticated user can manipulate the design layout update feature.
Remediation
References
Related Vulnerabilities
Apache Tomcat Integer Overflow or Wraparound Vulnerability (CVE-2015-8751)
WordPress Plugin Qiniu Uploader Cross-Site Scripting (0.1)
WordPress Plugin Yoast SEO Cross-Site Scripting (2.0.1)
XOOPS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-12138)
WordPress Plugin WP Mail Logging Multiple Unspecified Vulnerabilities (1.5.0)