CVE-2019-7895 — Magento vulnerability
4 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.9%
top 24.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 2
Latest updateMay 24
Description
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to layouts can execute arbitrary code through a crafted XML layout update.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9
Affected Packages3 packages
▶CVEListV5adobe_systems_incorporated/magento_2Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2