CVE-2019-8231

HIGH7.2EPSS 0.19%

Magento Remote code execution through catalog attribute sets

Published: 5/24/2022Modified: 1/10/2024

Description

In Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification.

Affected packages (1)

Packagist/magento/corefrom 0, < 1.9.4.3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References (2)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-8231
WEBhttps://magento.com/security/patches/supee-11219