Description
An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the Media File Storage of the database to transform uploaded JPEG file into a PHP file.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Appointment Schedule Booking System Cross-Site Scripting (1.0)
Internet Information Services Other Vulnerability (CVE-2000-0630)
WordPress Plugin Advanced Contact form 7 DB SQL Injection (1.6.0)
WeBid Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-47397)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2183)