Description
A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution.
Remediation
References
Related Vulnerabilities
Envoy Proxy Improper Encoding or Escaping of Output Vulnerability (CVE-2024-45808)
SharePoint CVE-2022-30172 Vulnerability (CVE-2022-30172)
WordPress Plugin Export any WordPress data to XML/CSV Cross-Site Scripting (1.3.5)
Python CVE-2019-9636 Vulnerability (CVE-2019-9636)
Oracle Application Server CVE-2006-5363 Vulnerability (CVE-2006-5363)