Description

A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution.

Remediation

References

CVE-2019-8125

Related Vulnerabilities

MySQL Other Vulnerability (CVE-2002-0969)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2022-23307)

Internet Information Services Improper Authentication Vulnerability (CVE-2009-1122)

MySQL Other Vulnerability (CVE-2006-4031)

WordPress Plugin PHP Event Calendar for WordPress Arbitrary File Upload (1.6)

Severity

High

Classification

CVE-2019-8125 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities