CVE-2019-8154
CVE-2019-8154 describes a remote code execution in Magento 2.x prior to certain patched versions. An authenticated user with privileges to modify product catalogs can trigger PHP file inclusion by submitting a crafted XML file that specifies product design update. Affected versions include Magent...