Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Magento Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-8135)

Description

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Dependency injection through Symphony framework allows service identifiers to be derived from user controlled data, which can lead to remote code execution.

Remediation

References

Related Vulnerabilities

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.26)

MySQL CVE-2022-21484 Vulnerability (CVE-2022-21484)

WordPress Plugin Social Hashtags Cross-Site Scripting (3.0.0)

Atlassian Jira Incorrect Authorization Vulnerability (CVE-2021-43948)

WordPress Improper Privilege Management Vulnerability (CVE-2020-28035)

Severity

Critical

Classification

CVE-2019-8135 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities