CVE-2019-8119 — Magento vulnerability

7 documents5 sources

Severity

7.2HIGHNVD

EPSS

1.8%

top 17.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Magento Magento Community-edition Adobe Systems Incorporated Magento 2

Timeline

PublishedNov 5

Latest updateMay 24

Description

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated admin user with import product privileges can delete files through bulk product import and inject code into XSLT file. The combination of these manipulations can lead to remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages3 packages

▶NVDmagento/magento2.1.0 — 2.1.19+2

▶Packagistmagento/community-edition2.1.0 — 2.1.19+2

▶CVEListV5adobe_systems_incorporated/magento_2Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p2

Patches

Patch: magento.com ↗Patch: magento.com ↗

🔴Vulnerability Details

OSV

Magento 2 Community Edition RCE Vulnerability↗2022-05-24

▶

GHSA

Magento 2 Community Edition RCE Vulnerability↗2022-05-24

▶

CVEList

CVE-2019-8119: A remote code execution vulnerability exists in Magento 2↗2019-11-05

▶

💬Community

Bugzilla

CVE-2019-15613 CVE-2019-15612 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs ↗2020-02-21

▶

Bugzilla

CVE-2019-15612 CVE-2019-15613 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs ↗2020-02-21

▶