Lucene search
Veracode Vulnerability DatabaseVERACODE:21188HistoryAug 13, 2019 - 5:55 a.m.
Remote Code Execution (RCE)
2019-08-1305:55:02
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.003 Low
EPSS
Percentile
66.2%
magento/community-edition is vulnerable to remote code execution (RCE). The vulnerability exists as users with admin privileges to create sitemaps can execute arbitrary PHP code by creating a malicious sitemap file.
| CPE | Name | Operator | Version |
|---|---|---|---|
| magento/community-edition | le | 2.1.17 | |
| magento/community-edition | le | 2.2.8 | |
| magento/community-edition | le | 2.3.1 |
Related
osv
osv
Magento 2 Community Edition RCE Vulnerability
2022-05-24 16:52:28
CVE-2019-7932
2019-08-02 22:15:18
friendsofphp
friendsofphp
PRODSECBUG-2351: Arbitrary code execution via crafted sitemap creation
2019-06-25 00:00:00
PRODSECBUG-2351: Arbitrary code execution via crafted sitemap creation
2019-06-25 00:00:00
PRODSECBUG-2351: Arbitrary code execution via crafted sitemap creation
2019-06-25 00:00:00
cvelist
cvelist
CVE-2019-7932
2019-08-02 21:31:05
nvd
nvd
CVE-2019-7932
2019-08-02 22:15:18
prion
prion
Remote code execution
2019-08-02 22:15:00
cve
cve
CVE-2019-7932
2019-08-02 22:15:18
github
github
Magento 2 Community Edition RCE Vulnerability
2022-05-24 16:52:28
openvas
openvas