Description
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
Remediation
References
Related Vulnerabilities
PHP Other Vulnerability (CVE-2014-8142)
WordPress Plugin Disclosure Policy 'abspath' Parameter Remote File Include (1.0)
WordPress Plugin WP Reset-Most Advanced WordPress Reset Tool Cross-Site Scripting (1.86)
Ruby Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-16255)
WordPress Plugin Mikiurl WordPress Eklentisi Cross-Site Request Forgery (2.0)