4 matches found
CVE-2019-7896
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv file and XML layout...
CVE-2019-7896
creationtimestamp| type| source ---|---|--- 2024-11-14 06:10:12+00:00| seen| MISP/950a8b9a-f5d1-4252-abf0-1552769dc85d...
CVE-2019-7896
CVE-2019-7896 affects Magento versions prior to 2.1.18 (2.1.x), 2.2 prior to 2.2.9, and 2.3 prior to 2.3.2. The flaw allows an authenticated administrator with access to layouts to execute arbitrary code via a combination of product import, a crafted CSV file, and an XML layout update, resulting ...
Magento 2.1.x < 2.1.18, 2.2.x < 2.2.9, 2.3.x < 2.3.2 Multiple Vulnerabilities (Jun 2019)
Magento is prone to multiple vulnerabilities, including remote code execution RCE, cross-site scripting XSS and others. See the referenced advisories for further details on each specific vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a...