Description
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate layouts and images can insert a malicious payload into the page layout.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Fastest Cache Multiple Vulnerabilities (0.9.4)
Oracle Database Server CVE-2012-0512 Vulnerability (CVE-2012-0512)
WordPress Plugin Breadcrumb NavXT Information Disclosure (6.1.0)
MySQL CVE-2015-4826 Vulnerability (CVE-2015-4826)
Atlassian Jira CVE-2021-26076 Vulnerability (CVE-2021-26076)