Lucene search
GoogleOSV:GHSA-MP9R-RH95-F8F8HistoryMay 24, 2022 - 4:52 p.m.
Magento 2 Community Edition RCE Vulnerability
2022-05-2416:52:25
Google
osv.dev
2
0.002 Low
EPSS
Percentile
64.7%
Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This vulnerability could be abused by an authenticated user with the ability to configure the catalog search.
References
github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-7885.yaml
magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13
nvd.nist.gov/vuln/detail/CVE-2019-7885
web.archive.org/web/20211206084839/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13
Related
osv
osv
CVE-2019-7885
2019-08-02 22:15:16
friendsofphp
friendsofphp
cvelist
cvelist
CVE-2019-7885
2019-08-02 21:20:53
github
github
Magento 2 Community Edition RCE Vulnerability
2022-05-24 16:52:25
prion
prion
Input validation
2019-08-02 22:15:00
cve
cve
CVE-2019-7885
2019-08-02 22:15:16
nvd
nvd
CVE-2019-7885
2019-08-02 22:15:16
openvas
openvas