Lucene search
AdobeCVELIST:CVE-2019-8114HistoryNov 05, 2019 - 10:24 p.m.
CVE-2019-8114
2019-11-0522:24:13
adobe
www.cve.org
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to import features can execute arbitrary code via crafted configuration archive file upload.
CNA Affected
[
{
"product": "Magento 1 & 2",
"vendor": "Adobe Systems Incorporated",
"versions": [
{
"status": "affected",
"version": "Magento Open Source prior to 1.9.4.3"
},
{
"status": "affected",
"version": "and Magento Commerce prior to 1.14.4.3"
},
{
"status": "affected",
"version": "Magento 2.2 prior to 2.2.10"
},
{
"status": "affected",
"version": "Magento 2.3 prior to 2.3.3 or 2.3.2-p1"
}
]
}
]References
Related
friendsofphp
friendsofphp
prion
prion
Remote code execution
2019-11-05 23:15:00
osv
osv
CVE-2019-8114
2019-11-05 23:15:12
Magento 2 Community Edition RCE Vulnerability
2022-05-24 17:00:24
nvd
nvd
CVE-2019-8114
2019-11-05 23:15:12
github
github
Magento 2 Community Edition RCE Vulnerability
2022-05-24 17:00:24
cve
cve
CVE-2019-8114
2019-11-05 23:15:12