Description
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, and in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage plugin functionality related to email templates to manipulate the interceptor class in a way that allows execution of arbitrary code.
Remediation
References