Description
An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the Media File Storage of the database to transform uploaded JPEG file into a PHP file.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2014-4297 Vulnerability (CVE-2014-4297)
MySQL CVE-2022-21314 Vulnerability (CVE-2022-21314)
WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-5204)
WordPress Plugin Theme My Login Local File Inclusion (6.3.9)
WordPress Plugin JobSearch WP Job Board Cross-Site Scripting (1.5.2)