CVE-2019-8230

CWE-94Code Injection4 documents4 sources
Severity
7.2HIGH
EPSS
0.2%
top 59.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Magento MagentoMagento CoreAdobe Systems Incorporated Magento 1
Timeline
PublishedNov 6
Latest updateMay 24

Description

In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages3 packages

Packagistmagento/core< 1.9.4.3
NVDmagento/magento1.5.0.01.9.4.3+1
CVEListV5adobe_systems_incorporated/magento_1Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3+1

🔴Vulnerability Details

3
OSV
Magento Remote code execution through support/output path modification2022-05-24
GHSA
Magento Remote code execution through support/output path modification2022-05-24
CVEList
CVE-2019-8230: In Magentoprior to 12019-11-05
CVE-2019-8230 (HIGH CVSS 7.2) | In Magentoprior to 1.9.4.3 | cvebase.io