Description

A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control.

Remediation

References

CVE-2019-7859

Related Vulnerabilities

WebLogic CVE-2021-35552 Vulnerability (CVE-2021-35552)

WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.4)

WordPress Plugin Gmail SMTP Arbitrary File Disclosure (1.1.0)

Ampache Improper Authentication Vulnerability (CVE-2007-4438)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4289)

Severity

High

Classification

CVE-2019-7859 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities