CVE-2019-8090 — Magento vulnerability

6 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 71.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Magento Magento Community-edition Adobe Systems Incorporated Magento 2

Timeline

PublishedNov 5

Latest updateMay 24

Description

An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated users can manipulate the design layout update feature.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDmagento/magento2.1.0 — 2.1.19+3

▶Packagistmagento/community-edition2.2.0 — 2.2.10+1

▶CVEListV5adobe_systems_incorporated/magento_2Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p2

Patches

Patch: magento.com ↗Patch: magento.com ↗

🔴Vulnerability Details

GHSA

Magento 2 Community Edition Arbitrary File Deletion↗2022-05-24

▶

OSV

Magento 2 Community Edition Arbitrary File Deletion↗2022-05-24

▶

CVEList

CVE-2019-8090: An arbitrary file deletion vulnerability exists in Magento 2↗2019-11-05

▶

💥Exploits & PoCs

Exploit-DB

WebPort 1.19.1 - 'setup' Reflected Cross-Site Scripting↗2020-06-22

▶

Exploit-DB

WebPort 1.19.1 - Reflected Cross-Site Scripting↗2020-06-22

▶