2 matches found
CVE-2019-7930
Magento 2.x suffers a file upload restriction bypass (CVE-2019-7930). An authenticated admin with access to the import feature can modify a configuration file, removing upload restrictions and enabling arbitrary code execution when a malicious file is uploaded. Affected versions: Magento 2.1 <...
Magento 2.1.x < 2.1.18, 2.2.x < 2.2.9, 2.3.x < 2.3.2 Multiple Vulnerabilities (Jun 2019)
Magento is prone to multiple vulnerabilities, including remote code execution RCE, cross-site scripting XSS and others. See the referenced advisories for further details on each specific vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a...