Lucene search
AdobeCVELIST:CVE-2019-7930HistoryAug 02, 2019 - 9:30 p.m.
CVE-2019-7930
2019-08-0221:30:46
adobe
www.cve.org
A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to the import feature can make modifications to a configuration file, resulting in potentially unauthorized removal of file upload restrictions. This can result in arbitrary code execution when a malicious file is then uploaded and executed on the system.
CNA Affected
[
{
"product": "Magento 2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
}
]
}
]Related
osv
osv
CVE-2019-7930
2019-08-02 22:15:18
Magento 2 Community Unrestricted File Upload
2022-05-24 16:52:28
nvd
nvd
CVE-2019-7930
2019-08-02 22:15:18
cve
cve
CVE-2019-7930
2019-08-02 22:15:18
veracode
veracode
Arbitrary Code Execution
2019-08-08 02:01:40
friendsofphp
friendsofphp
prion
prion
Unrestricted file upload
2019-08-02 22:15:00
github
github
Magento 2 Community Unrestricted File Upload
2022-05-24 16:52:28
openvas
openvas