CVE-2019-8125 — Magento vulnerability
3 documents3 sources
Severity
7.2HIGHNVD
EPSS
1.1%
top 22.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 5
Latest updateMay 24
Description
A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9
Affected Packages2 packages
▶CVEListV5adobe_systems_incorporated/magento_1Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3.