Description

A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control.

Remediation

References

CVE-2019-7859

Related Vulnerabilities

WordPress Plugin All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs-My Sticky Elements SQL Injection (2.0.8)

WordPress Plugin N-Media Post Front-end Form Arbitrary File Upload (1.0)

Oracle JRE CVE-2023-21967 Vulnerability (CVE-2023-21967)

Squid Improper Input Validation Vulnerability (CVE-2009-2855)

WordPress Plugin Accept Stripe Donation-AidWP Cross-Site Request Forgery (3.1.5)

Severity

High

Classification

CVE-2019-7859 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities