Description
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
Remediation
References