2 matches found
CVE-2019-8140
An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the Media File Storage of the database to transform uploaded JPEG file into a PHP file...
CVE-2019-8140
CVE-2019-8140 affects Magento 2.x: versions prior to 2.2.10 (and 2.3 prior to 2.3.3 or 2.3.2-p1) are vulnerable. An authenticated admin can exploit the Media File Storage Synchronization to convert uploaded JPEGs into PHP files, enabling unrestricted file upload. Root cause: improper handling in ...