Description

Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This vulnerability could be abused by an authenticated user with the ability to configure the catalog search.

Remediation

References

CVE-2019-7885

Related Vulnerabilities

WordPress Plugin WP All Backup Unspecified Vulnerability (1.5)

Grafana Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2022-39328)

WordPress Plugin Download Monitor Unspecified Vulnerability (4.4.6)

Perl Other Vulnerability (CVE-2009-3626)

WordPress Plugin Image Photo Gallery Final Tiles Grid Security Bypass (3.3.52)

Severity

High

Classification

CVE-2019-7885 CWE-20 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities