CVE-2019-8229: Magento vulnerability

3 documents, 3 sources

Severity: 7.2 HIGH (NVD)
EPSS: 0.2% (top 59.27%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 6; Latest update May 24

Description

In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages (3 packages)

Packagist: magento/community-edition < 1.9.4.3
NVD: magento/magento 1.5.0.0 1.9.4.3 +1
CVEListV5: adobe_systems_incorporated/magento_1: Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3 +1

🔴 Vulnerability Details (2)

GHSA: Withdrawn Advisory: Magento 2 Community Edition RCE Vulnerability (2022-05-24)
CVEList: CVE-2019-8229: In Magento prior to 1 (2019-11-05)