Description
A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control.
Remediation
References