In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Magento | Magento | 1.5.0.0 (including) | 1.9.4.3 (excluding) |
Magento | Magento | 1.9.0.0 (including) | 1.14.4.3 (excluding) |