Description

An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated users can manipulate the design layout update feature.

Remediation

References

CVE-2019-8090

Related Vulnerabilities

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-17571)

Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-6975)

Python Credentials Management Errors Vulnerability (CVE-2019-10160)

WebLogic CVE-2020-14825 Vulnerability (CVE-2020-14825)

WordPress Plugin Users Ultra SQL Injection (1.5.15)

Severity

Medium

Classification

CVE-2019-8090 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities