magento/community-edition is vulnerable to remote code execution (RCE). The vulnerability exists as users with admin privileges to create sitemaps can execute arbitrary PHP code by creating a malicious sitemap file.
CPE | Name | Operator | Version |
---|---|---|---|
magento/community-edition | le | 2.1.17 | |
magento/community-edition | le | 2.2.8 | |
magento/community-edition | le | 2.3.1 |