Description
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to import features can execute arbitrary code by uploading a crafted configuration archive file.
Remediation
References