Description
Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2. Exploiting this vulnerability requires an authenticated user with the ability to configure the catalog search.