Description
A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control.
Remediation
References