Lucene search
GoogleOSV:GHSA-V527-6H5R-CFG8HistoryMay 24, 2022 - 4:52 p.m.
Magento 2 Community Edition Unsafe File Upload
2022-05-2416:52:24
Google
osv.dev
2
0.001 Low
EPSS
Percentile
31.6%
A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection.
References
github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-7871.yaml
github.com/magento/magento2
magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13
nvd.nist.gov/vuln/detail/CVE-2019-7871
web.archive.org/web/20211206084839/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13
Related
nvd
nvd
CVE-2019-7871
2019-08-02 22:15:15
github
github
Magento 2 Community Edition Unsafe File Upload
2022-05-24 16:52:24
friendsofphp
friendsofphp
PRODSECBUG-2202: Security bypass via form data injection
2019-06-25 00:00:00
osv
osv
CVE-2019-7871
2019-08-02 22:15:15
cve
cve
CVE-2019-7871
2019-08-02 22:15:15
prion
prion
Security feature bypass
2019-08-02 22:15:00
cvelist
cvelist
CVE-2019-7871
2019-08-02 21:17:01
openvas
openvas