{"id": "CVE-2019-7896", "bulletinFamily": "NVD", "title": "CVE-2019-7896", "description": "A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv file and XML layout update.", "published": "2019-08-02T22:15:00", "modified": "2020-08-24T17:37:00", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7896", "reporter": "cve@mitre.org", "references": ["https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"], "cvelist": ["CVE-2019-7896"], "type": "cve", "lastseen": "2020-12-09T21:41:57", "edition": 8, "viewCount": 13, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310112598"]}], "modified": "2020-12-09T21:41:57", "rev": 2}, "score": {"value": 4.9, "vector": "NONE", "modified": "2020-12-09T21:41:57", "rev": 2}, "vulnersScore": 4.9}, "cpe": [], "affectedSoftware": [{"cpeName": "magento:magento", "name": "magento", "operator": "lt", "version": "2.2.9"}, {"cpeName": "magento:magento", "name": "magento", "operator": "lt", "version": "2.3.2"}, {"cpeName": "magento:magento", "name": "magento", "operator": "lt", "version": "2.1.18"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9}, "cpe23": [], "cwe": ["NVD-CWE-noinfo"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:magento:magento:2.1.18:*:*:*:open_source:*:*:*", "versionEndExcluding": "2.1.18", "versionStartIncluding": "2.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:magento:magento:2.2.9:*:*:*:open_source:*:*:*", "versionEndExcluding": "2.2.9", "versionStartIncluding": "2.2.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:magento:magento:2.3.2:*:*:*:open_source:*:*:*", "versionEndExcluding": "2.3.2", "versionStartIncluding": "2.3.0", "vulnerable": true}], "operator": "OR"}]}}

{"openvas": [{"lastseen": "2019-08-08T12:41:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-7855", "CVE-2019-7865", "CVE-2019-7942", "CVE-2019-7861", "CVE-2019-7866", "CVE-2019-7899", "CVE-2019-7931", "CVE-2019-7862", "CVE-2019-7886", "CVE-2019-7854", "CVE-2019-7892", "CVE-2019-7937", "CVE-2019-7904", "CVE-2019-7903", "CVE-2019-7846", "CVE-2019-7926", "CVE-2019-7939", "CVE-2019-7853", "CVE-2019-7851", "CVE-2019-7930", "CVE-2019-7909", "CVE-2019-7911", "CVE-2019-7874", "CVE-2019-7947", "CVE-2019-7934", "CVE-2019-7849", "CVE-2019-7864", "CVE-2019-7928", "CVE-2019-7875", "CVE-2019-7950", "CVE-2019-7944", "CVE-2019-7921", "CVE-2019-7940", "CVE-2019-7932", "CVE-2019-7913", "CVE-2019-7139", "CVE-2019-7898", "CVE-2019-7912", "CVE-2019-7896", "CVE-2019-7867", "CVE-2019-7850", "CVE-2019-7935", "CVE-2019-7897", "CVE-2019-7880", "CVE-2019-7881", "CVE-2019-7885", "CVE-2019-7923", "CVE-2019-7929", "CVE-2019-7877", "CVE-2019-7889", "CVE-2019-7859", "CVE-2019-7925", "CVE-2019-7872", "CVE-2019-7871", "CVE-2019-7936", "CVE-2019-7915", "CVE-2019-7890", "CVE-2019-7895", "CVE-2019-7945", "CVE-2019-7858", "CVE-2019-7860", "CVE-2019-7888", "CVE-2019-7908", "CVE-2019-7857", "CVE-2019-7882", "CVE-2019-7876", "CVE-2019-7927", "CVE-2019-7873", "CVE-2019-7951", "CVE-2019-7938", "CVE-2019-7852", "CVE-2019-7868", "CVE-2019-7869", "CVE-2019-7863", "CVE-2019-7887"], "description": "Magento is prone to multiple vulnerabilities, including remote code execution (RCE),\n cross-site scripting (XSS) and others.\n\n See the referenced advisories for further details on each specific vulnerability.", "modified": "2019-07-04T00:00:00", "published": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310112598", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112598", "type": "openvas", "title": "Magento 2.1.x < 2.1.18, 2.2.x < 2.2.9, 2.3.x < 2.3.2 Multiple Vulnerabilities - June 19", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = 'cpe:/a:magentocommerce:magento';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112598\");\n script_version(\"2019-07-04T13:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 13:06:41 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-04 14:37:11 +0200 (Thu, 04 Jul 2019)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2019-7895\", \"CVE-2019-7896\", \"CVE-2019-7930\", \"CVE-2019-7871\", \"CVE-2019-7942\", \"CVE-2019-7903\",\n \"CVE-2019-7931\", \"CVE-2019-7932\", \"CVE-2019-7885\", \"CVE-2019-7950\", \"CVE-2019-7904\", \"CVE-2019-7139\", \"CVE-2019-7928\",\n \"CVE-2019-7892\", \"CVE-2019-7876\", \"CVE-2019-7923\", \"CVE-2019-7913\", \"CVE-2019-7911\", \"CVE-2019-7951\", \"CVE-2019-7861\",\n \"CVE-2019-7915\", \"CVE-2019-7872\", \"CVE-2019-7874\", \"CVE-2019-7927\", \"CVE-2019-7936\", \"CVE-2019-7850\", \"CVE-2019-7862\",\n \"CVE-2019-7937\", \"CVE-2019-7889\", \"CVE-2019-7897\", \"CVE-2019-7909\", \"CVE-2019-7921\", \"CVE-2019-7875\", \"CVE-2019-7925\",\n \"CVE-2019-7926\", \"CVE-2019-7945\", \"CVE-2019-7908\", \"CVE-2019-7880\", \"CVE-2019-7877\", \"CVE-2019-7869\", \"CVE-2019-7868\",\n \"CVE-2019-7867\", \"CVE-2019-7866\", \"CVE-2019-7863\", \"CVE-2019-7934\", \"CVE-2019-7935\", \"CVE-2019-7938\", \"CVE-2019-7940\",\n \"CVE-2019-7944\", \"CVE-2019-7853\", \"CVE-2019-7859\", \"CVE-2019-7858\", \"CVE-2019-7855\", \"CVE-2019-7898\", \"CVE-2019-7890\",\n \"CVE-2019-7854\", \"CVE-2019-7887\", \"CVE-2019-7881\", \"CVE-2019-7882\", \"CVE-2019-7939\", \"CVE-2019-7888\", \"CVE-2019-7929\",\n \"CVE-2019-7899\", \"CVE-2019-7857\", \"CVE-2019-7873\", \"CVE-2019-7851\", \"CVE-2019-7860\", \"CVE-2019-7864\", \"CVE-2019-7886\",\n \"CVE-2019-7846\", \"CVE-2019-7852\", \"CVE-2019-7849\", \"CVE-2019-7947\", \"CVE-2019-7865\", \"CVE-2019-7912\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\"); # patch version not retrievable\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Magento 2.1.x < 2.1.18, 2.2.x < 2.2.9, 2.3.x < 2.3.2 Multiple Vulnerabilities - June 19\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"sw_magento_detect.nasl\");\n script_mandatory_keys(\"magento/installed\");\n\n script_tag(name:\"summary\", value:\"Magento is prone to multiple vulnerabilities, including remote code execution (RCE),\n cross-site scripting (XSS) and others.\n\n See the referenced advisories for further details on each specific vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"Update to version 2.1.18, 2.2.9, 2.3.2 or later.\");\n\n script_xref(name:\"URL\", value:\"https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13\");\n script_xref(name:\"URL\", value:\"https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23\");\n script_xref(name:\"URL\", value:\"https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!port = get_app_port(cpe: CPE))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif(version_in_range(version: version, test_version: \"2.1\", test_version2: \"2.1.17\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.1.18\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif(version_in_range(version: version, test_version: \"2.2\", test_version2: \"2.2.8\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.2.9\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif(version_in_range(version: version, test_version: \"2.3\", test_version2: \"2.3.1\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.3.2\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}]}