Lucene search
GoogleOSV:GHSA-5V5P-X8C2-MQXPHistoryMay 24, 2022 - 5:00 p.m.
Magento 2 Community Edition RCE Vulnerability
2022-05-2417:00:26
Google
osv.dev
6
0.003 Low
EPSS
Percentile
66.2%
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with privileges to create products can craft custom layout update and use import product functionality to enable remote code execution.
References
github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-8122.yaml
github.com/magento/magento2
magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
nvd.nist.gov/vuln/detail/CVE-2019-8122
web.archive.org/web/20220121051105/https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
Related
github
github
Magento 2 Community Edition RCE Vulnerability
2022-05-24 17:00:26
nvd
nvd
CVE-2019-8122
2019-11-05 23:15:12
friendsofphp
friendsofphp
osv
osv
CVE-2019-8122
2019-11-05 23:15:12
cvelist
cvelist
CVE-2019-8122
2019-11-05 22:50:42
cve
cve
CVE-2019-8122
2019-11-05 23:15:12
prion
prion
Remote code execution
2019-11-05 23:15:00
openvas
openvas