Description

Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

Remediation

References

CVE-2019-7861

Related Vulnerabilities

WordPress Plugin Tinymce Thumbnail Gallery 'href' Parameter Information Disclosure (1.0.7)

Oracle JRE CVE-2013-2449 Vulnerability (CVE-2013-2449)

Moodle Improper Access Control Vulnerability (CVE-2016-3733)

WebLogic CVE-2019-2650 Vulnerability (CVE-2019-2650)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0216)

Severity

High

Classification

CVE-2019-7861 CWE-434 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities