CVE-2019-7871
Magento 2.x contains a security bypass that enables arbitrary PHP code execution via form data injection. Affected versions are 2.1 before 2.1.18, 2.2 before 2.2.9, and 2.3 before 2.3.2. The root cause is a bypass of protections that prevent arbitrary PHP script upload, exploitable by an authenti...