Description

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

Remediation

References

CVE-2020-9582

Related Vulnerabilities

Microsoft SQL Server CVE-2023-38169 Vulnerability (CVE-2023-38169)

WordPress Plugin ListingPro SQL Injection (2.9.3)

WebLogic CVE-2019-2888 Vulnerability (CVE-2019-2888)

Apache Tomcat Deserialization of Untrusted Data Vulnerability (CVE-2020-9484)

Apache HTTP Server CVE-2024-38476 Vulnerability (CVE-2024-38476)

Severity

Critical

Classification

CVE-2020-9582 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities