Description
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution.
Remediation
References
Related Vulnerabilities
WebLogic CVE-2020-14640 Vulnerability (CVE-2020-14640)
WordPress Plugin WordPress File Upload Cross-Site Request Forgery (2.4.1)
WordPress Plugin Media Library Assistant Information Disclosure (3.00)
WordPress Plugin YITH WooCommerce Zoom Magnifier Cross-Site Scripting (1.2.6)
WordPress Plugin Tutor LMS-eLearning and online course solution Local File Inclusion (1.8.7)