Description

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

Remediation

References

CVE-2020-9582

Related Vulnerabilities

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-6124)

WordPress Plugin Latest Posts by BestWebSoft Cross-Site Scripting (0.2)

WordPress Plugin Acurax On Click Pop Under Multiple Unspecified Vulnerabilities (2.2.1)

WordPress Plugin WP SlackSync Information Disclosure (1.8.5)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5097)

Severity

Critical

Classification

CVE-2020-9582 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities