Description

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution.

Remediation

References

CVE-2019-8109

Related Vulnerabilities

MediaWiki Insecure Storage of Sensitive Information Vulnerability (CVE-2021-36127)

WordPress Plugin FV Flowplayer Video Player SQL Injection (7.5.46.7212)

WordPress Plugin Chatbot with IBM Watson Cross-Site Scripting (0.8.20)

OpenSSL Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2023-0286)

MySQL CVE-2022-21412 Vulnerability (CVE-2022-21412)

Severity

High

Classification

CVE-2019-8109 CWE-352 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities