Description
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to import features can execute arbitrary code by uploading a crafted configuration archive file.
Remediation
References