Remote code execution

2019-11-0523:15:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.2%

JSON

A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution.

CPENameOperatorVersion
magentoge1.9.0.0
magentolt1.14.4.3
magentoge1.5.0.0
magentolt1.9.4.3

Name	Operator	Version
magento	ge	1.9.0.0
magento	lt	1.14.4.3
magento	ge	1.5.0.0
magento	lt	1.9.4.3

References

magento.com/security/patches/supee-11219