Description
In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification.
Remediation
References
Related Vulnerabilities
WordPress Plugin Price Commander for WooCommerce Security Bypass (1.2.2)
Jetty Other Vulnerability (CVE-2024-6763)
SharePoint Out-of-bounds Write Vulnerability (CVE-2014-1761)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-2643)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1000169)