Description
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Landing Pages Unspecified Vulnerability (1.8.1)
Internet Information Services Other Vulnerability (CVE-2006-0026)
WordPress Plugin Current Book Cross-Site Scripting (1.0.1)
Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-5301)
WordPress Plugin Gwolle Guestbook Remote File Inclusion (1.5.3)