Description

A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution.

Remediation

References

CVE-2019-8125

Related Vulnerabilities

WordPress Plugin Ldap WP Login/Active Directory Integration Multiple Vulnerabilities (3.0.1)

WordPress Plugin WolfNet IDX for WordPress Multiple Unspecified Vulnerabilities (1.14.7)

WordPress Plugin Easy Testimonials Cross-Site Scripting (1.36.1)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3390)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Multiple Cross-Site Scripting Vulnerabilities (1.5.45)

Severity

High

Classification

CVE-2019-8125 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities