Description

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout.

Remediation

References

CVE-2019-7876

Related Vulnerabilities

SharePoint CVE-2022-37961 Vulnerability (CVE-2022-37961)

Atlassian Confluence Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8399)

MySQL CVE-2021-2169 Vulnerability (CVE-2021-2169)

WordPress Plugin WP Symposium Pro Social Network Multiple Vulnerabilities (15.12)

WordPress Plugin Images Lazyload and Slideshow Cross-Site Scripting (3.2)

Severity

High

Classification

CVE-2019-7876 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities