Description

Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

Remediation

References

CVE-2019-7861

Related Vulnerabilities

Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2019-18838)

WordPress Plugin Conditional Marketing Mailer for WooCommerce Unspecified Vulnerability (1.6)

OpenSSL NULL Pointer Dereference Vulnerability (CVE-2016-7052)

Apache Traffic Server CVE-2024-31309 Vulnerability (CVE-2024-31309)

WordPress Plugin Meow Gallery (+ Gallery Block) SQL Injection (4.1.8)

Severity

High

Classification

CVE-2019-7861 CWE-434 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities