Description
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability. Successful exploitation could lead to sensitive information disclosure.
Remediation
References
Related Vulnerabilities
WordPress Plugin Download Monitor SQL Injection (4.4.4)
ownCloud Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-1850)
Joomla Incorrect Authorization Vulnerability (CVE-2018-17857)
YetiForce CRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-1411)