CVE-2019-8230

HIGH7.2EPSS 0.19%

Magento Remote code execution through support/output path modification

Published: 5/24/2022Modified: 1/10/2024

Description

In Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path.

Affected packages (1)

Packagist/magento/corefrom 0, < 1.9.4.3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References (2)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-8230
WEBhttps://magento.com/security/patches/supee-11219