Lucene search
K

44 matches found

Prion
Prion
added 2019/08/02 10:15 p.m.15 views

Remote code execution

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to layouts can execute arbitrary code through a crafted XML layout update...

6.5CVSS7.2AI score0.01921EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/08/02 10:15 p.m.21 views

Remote code execution

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv file and XML layout...

6.5CVSS7.3AI score0.01921EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/08/02 10:15 p.m.12 views

Remote code execution

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create or edit a product can execute arbitrary code via malicious XML layout updates...

6.5CVSS7.3AI score0.01921EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/08/02 9:23 p.m.75 views

CVE-2019-7896

CVE-2019-7896 affects Magento versions prior to 2.1.18 (2.1.x), 2.2 prior to 2.2.9, and 2.3 prior to 2.3.2. The flaw allows an authenticated administrator with access to layouts to execute arbitrary code via a combination of product import, a crafted CSV file, and an XML layout update, resulting ...

7.2CVSS7.5AI score0.01921EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder