CVE Vulnerabilities

CVE-2019-8230

Published: Nov 06, 2019 | Modified: Aug 24, 2020
CVSS 3.x
7.2
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path.

Affected Software

Name Vendor Start Version End Version
Magento Magento 1.5.0.0 (including) 1.9.4.3 (excluding)
Magento Magento 1.9.0.0 (including) 1.14.4.3 (excluding)

References