Description

In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates.

Remediation

References

CVE-2019-8229

Related Vulnerabilities

Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-1944)

WordPress Plugin Rekt Slideshow TimThumb Arbitrary File Upload (1.0.5)

Magento XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2021-21025)

MySQL Resource Management Errors Vulnerability (CVE-2010-3679)

WordPress Plugin Better Click To Tweet Unspecified Vulnerability (5.1)

Severity

High

Classification

CVE-2019-8229 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities