3 matches found
CVE-2019-7895
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to layouts can execute arbitrary code through a crafted XML layout update...
CVE-2019-7895
Summary: Magento 2.x versions are affected by a remote code execution vulnerability via a crafted XML layout update. Affected versions: 2.1 before 2.1.18, 2.2 before 2.2.9, 2.3 before 2.3.2. Prerequisite to exploit: an authenticated user with admin privileges to layouts. Impact: arbitrary code ex...
Magento 2.1.x < 2.1.18, 2.2.x < 2.2.9, 2.3.x < 2.3.2 Multiple Vulnerabilities (Jun 2019)
Magento is prone to multiple vulnerabilities, including remote code execution RCE, cross-site scripting XSS and others. See the referenced advisories for further details on each specific vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a...