Description
In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification.
Remediation
References
Related Vulnerabilities
MySQL CVE-2021-2036 Vulnerability (CVE-2021-2036)
WordPress Plugin Stripe Payment for WooCommerce Security Bypass (3.7.9)
WordPress Plugin Prismatic Multiple Cross-Site Scripting Vulnerabilities (2.7)
WordPress Plugin Qtranslate Slug Unspecified Vulnerability (1.1.16)
WordPress Plugin Super Interactive Maps for WordPress SQL Injection (2.1)