Description
An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3. An authenticated user can manipulate the design layout update feature.
Remediation
References