Description
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
Remediation
References
Related Vulnerabilities
WordPress Plugin Team Members Cross-Site Scripting (5.2.0)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-16738)
PHP Use After Free Vulnerability (CVE-2017-12934)
WordPress 4.4.x Cross-Site Scripting Vulnerability (4.4 - 4.4.2)
WordPress Plugin Contact Form 'wpcf_easyform_formid' Parameter SQL Injection (2.7.5)