Description

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

Remediation

References

CVE-2020-9692

Related Vulnerabilities

Apache HTTP Server Insertion of Sensitive Information into Log File Vulnerability (CVE-2001-1556)

WordPress Plugin Subscribe Sidebar by Blubrry Cross-Site Scripting (1.3.1)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-20281)

WordPress Other Vulnerability (CVE-2007-3238)

Joomla! Core 1.7.x Security Bypass (1.7.0 - 1.7.5)

Severity

Medium

Classification

CVE-2020-9692 CWE-863 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities