Description

An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated users can manipulate the design layout update feature.

Remediation

References

CVE-2019-8090

Related Vulnerabilities

WordPress Plugin WP Project Manager-Task, team, and project management featuring kanban board and gantt charts Cross-Site Request Forgery (2.4.0)

Perl CVE-2016-6185 Vulnerability (CVE-2016-6185)

PHP Other Vulnerability (CVE-2015-6832)

WordPress Plugin Traffic Manager Multiple Vulnerabilities (1.4.5)

PrestaShop Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-8823)

Severity

Medium

Classification

CVE-2019-8090 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities