Description
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
Remediation
References
Related Vulnerabilities
Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-8093)
Liferay Portal CVE-2020-15841 Vulnerability (CVE-2020-15841)
Oracle Database Server CVE-2014-4237 Vulnerability (CVE-2014-4237)
PrestaShop Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2013-6358)