Description

A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control.

Remediation

References

CVE-2019-7859

Related Vulnerabilities

WordPress Plugin HM Multiple Roles Security Bypass (1.2)

Oracle JRE CVE-2014-0463 Vulnerability (CVE-2014-0463)

WordPress Plugin Contact Form by BestWebSoft Cross-Site Scripting (3.34)

WordPress Plugin Essential Grid Portfolio-Photo Gallery Security Bypass (1.1.2)

Seo Panel Server-Side Request Forgery (SSRF) Vulnerability (CVE-2024-22648)

Severity

High

Classification

CVE-2019-7859 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities