CVE-2019-8230

HIGH7.2EPSS 0.19%

Magento Remote code execution through support/output path modification

發布日:2022/5/24修改日:2024/1/10

描述

In Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path.

受影響套件(1)

Packagist/magento/corefrom 0, < 1.9.4.3

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

參考連結(2)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-8230
WEBhttps://magento.com/security/patches/supee-11219