CVE-2019-8231

HIGH7.2EPSS 0.19%

Magento Remote code execution through catalog attribute sets

發布日:2022/5/24修改日:2024/1/10

描述

In Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification.

受影響套件(1)

Packagist/magento/corefrom 0, < 1.9.4.3

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

參考連結(2)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-8231
WEBhttps://magento.com/security/patches/supee-11219