WEB APPLICATION VULNERABILITIES Standard & Premium

Magento CVE-2019-8137 Vulnerability (CVE-2019-8137)

Description

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate CMS section of the website can trigger remote code execution via custom layout update.

Remediation

References

Related Vulnerabilities

Apache Tomcat Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2016-9774)

Oracle Application Server Other Vulnerability (CVE-2005-1495)

MySQL CVE-2020-14888 Vulnerability (CVE-2020-14888)

phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-10802)

MySQL CVE-2015-0432 Vulnerability (CVE-2015-0432)

Severity

High

Classification

CVE-2019-8137 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities