CVE-2019-8122
CVE-2019-8122 - Magento RCE . A remote code execution vulnerability exists in Magento 2.1 before 2.1.19, 2.2 before 2.2.10, and 2.3 before 2.3.3. An authenticated user with privileges to create products can craft a custom layout update and, via the import product function, trigger RCE. The root c...