CVE-2019-8122 — Magento vulnerability

7 documents5 sources

Severity

8.8HIGHNVD

EPSS

1.1%

top 21.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Magento Magento Community-edition Adobe Systems Incorporated Magento 2

Timeline

PublishedNov 5

Latest updateMay 24

Description

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with privileges to create products can craft custom layout update and use import product functionality to enable remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDmagento/magento2.1.0 — 2.1.19+2

▶Packagistmagento/community-edition2.1.0 — 2.1.19+2

▶CVEListV5adobe_systems_incorporated/magento_2Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p2

Patches

Patch: magento.com ↗Patch: magento.com ↗

🔴Vulnerability Details

GHSA

Magento 2 Community Edition RCE Vulnerability↗2022-05-24

▶

OSV

Magento 2 Community Edition RCE Vulnerability↗2022-05-24

▶

CVEList

CVE-2019-8122: A remote code execution vulnerability exists in Magento 2↗2019-11-05

▶

💬Community

Bugzilla

CVE-2019-15613 CVE-2019-15612 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs ↗2020-02-21

▶

Bugzilla

CVE-2019-15612 CVE-2019-15613 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs ↗2020-02-21

▶