Description

An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated users can manipulate the design layout update feature.

Remediation

References

CVE-2019-8090

Related Vulnerabilities

WordPress Plugin All in One SEO-Best WordPress SEO-Easily Improve SEO Rankings & Increase Traffic Cross-Site Scripting (2.3.7)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5266)

WordPress Directory Traversal (3.7 - 5.0.3)

Atlassian Jira Improper Authentication Vulnerability (CVE-2021-43946)

WordPress Plugin Mobile Events Manager CSV Injection (1.4.7)

Severity

Medium

Classification

CVE-2019-8090 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities