CVE-2019-7876
HIGH8.8EPSS 0.84%Magento 2 Community Edition RCE Vulnerability
Published: 5/24/2022Modified: 11/28/2024
Also known as:GHSA-6qh6-v99h-vh4c
Description
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout.
Affected packages (2)
- Packagist/magento/community-edition>= 2.1, < 2.1.18
- Packagist/magento/product-community-edition>= 2.1, < 2.1.18
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References (4)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-7876
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-7876.yaml
- WEBhttps://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13
- WEBhttps://web.archive.org/web/20211206084839/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13