Lucene search
GoogleOSV:GHSA-HQHF-8JGC-H5HXHistoryMay 24, 2022 - 4:52 p.m.
Magento 2 Community Edition Path Traversal Vulnerability
2022-05-2416:52:23
Google
osv.dev
3
0.002 Low
EPSS
Percentile
58.7%
A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control.
References
github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-7859.yaml
github.com/magento/magento2
magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23
nvd.nist.gov/vuln/detail/CVE-2019-7859
web.archive.org/web/20220127030535/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-24
Related
friendsofphp
friendsofphp
PRODSECBUG-2173: Path traversal vulnerability in WYSIWYG editor.
2019-06-25 00:00:00
osv
osv
CVE-2019-7859
2019-08-02 22:15:15
prion
prion
Path traversal
2019-08-02 22:15:00
nvd
nvd
CVE-2019-7859
2019-08-02 22:15:15
cve
cve
CVE-2019-7859
2019-08-02 22:15:15
cvelist
cvelist
CVE-2019-7859
2019-08-02 21:13:08
github
github
Magento 2 Community Edition Path Traversal Vulnerability
2022-05-24 16:52:23
openvas
openvas