Description
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution.
Remediation
References