CVE-2019-8231

CWE-94 Code Injection | 4 documents | 4 sources
Severity: 7.2 HIGH
EPSS: 0.2% (top 59.32%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 6 | Latest update May 24

Description

In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages (3 packages)

Packagist | magento/core | < 1.9.4.3
NVD | magento/magento | 1.5.0.0 | 1.9.4.3 | +1
CVEListV5 | adobe_systems_incorporated/magento_1 | Magento Commerce prior to 1.14.4.3, Magento Open Source prior to 1.9.4.3 | +1

Vulnerability Details (3)

GHSA | Magento Remote code execution through catalog attribute sets | 2022-05-24
OSV | Magento Remote code execution through catalog attribute sets | 2022-05-24
CVEList | CVE-2019-8231: In Magento to 1 | 2019-11-05