Description
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution.
Remediation
References