CVE-2019-8144
published 2019-11-06CVE-2019-8144: A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious payload through…
PriorityP259critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.47%
82.5th percentile
A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious payload through PageBuilder template methods.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe_systems_incorporated | magento_2 | — | — |
| magento | community-edition | >= 2.3 < 2.3.2-p1 | 2.3.2-p1 |
| magento | magento | — | — |
| magento | magento | >= 2.3.0 < 2.3.2 | 2.3.2 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Magento 2 Community Edition RCE Vulnerability
osv·2022-05-24
CVE-2019-8144 [CRITICAL] Magento 2 Community Edition RCE Vulnerability
Magento 2 Community Edition RCE Vulnerability
A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious payload through PageBuilder template methods.
GHSA
Magento 2 Community Edition RCE Vulnerability
ghsa·2022-05-24
CVE-2019-8144 [CRITICAL] Magento 2 Community Edition RCE Vulnerability
Magento 2 Community Edition RCE Vulnerability
A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious payload through PageBuilder template methods.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-11-06
Published