Description
Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
Remediation
References
Related Vulnerabilities
MySQL CVE-2013-5908 Vulnerability (CVE-2013-5908)
OpenSSL DEPRECATED: Code Vulnerability (CVE-2015-0290)
WebLogic CVE-2019-2856 Vulnerability (CVE-2019-2856)
SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-0929)
WordPress Plugin 3D Flick Slideshow 'upload.php' Arbitrary File Upload (2.1)