Description
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate the CMS section of the website can trigger remote code execution via a custom layout update.
Remediation
References