Description

An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated users can manipulate the design layout update feature.

Remediation

References

CVE-2019-8090

Related Vulnerabilities

Drupal Core 9.1.x Cross-Site Scripting (9.1.0 - 9.1.6)

Chamilo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-23127)

Apache HTTP Server Improper Input Validation Vulnerability (CVE-2015-0228)

Caddy Web Server Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2026-30852)

Oracle Database Server Other Vulnerability (CVE-2007-3855)

Severity

Medium

Classification

CVE-2019-8090 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities