Description

A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution.

Remediation

References

CVE-2019-8125

Related Vulnerabilities

PHP CVE-2004-1063 Vulnerability (CVE-2004-1063)

WordPress Plugin I Recommend This SQL Injection (3.7.7)

WordPress Plugin Gallery-Flagallery Photo Portfolio Cross-Site Scripting (2.70)

MediaWiki Other Vulnerability (CVE-2006-2895)

Seo Panel Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2024-22646)

Severity

High

Classification

CVE-2019-8125 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities