Description
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage plugin functionality related to email templates to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code.