Description

A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control.

Remediation

References

CVE-2019-7859

Related Vulnerabilities

Beego Framework CVE-2022-31259 Vulnerability (CVE-2022-31259)

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-1498)

WordPress Plugin Xtreme Locator Dealer Locator SQL Injection (1.5)

WordPress Plugin Advanced Access Manager Security Bypass (3.2.1)

WordPress Plugin Print-O-Matic Cross-Site Scripting (2.0.2)

Severity

High

Classification

CVE-2019-7859 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities