Description
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code execution.
Remediation
References
Related Vulnerabilities
MyBB Improper Access Control Vulnerability (CVE-2016-9413)
WordPress Plugin Booking Calendar Contact Form Multiple Vulnerabilities (1.0.23)
Apache Tomcat Improper Handling of Exceptional Conditions Vulnerability (CVE-2017-5664)
WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.26)
MyBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-2334)