CVE Vulnerabilities

CVE-2019-8231

Published: Nov 06, 2019 | Modified: Aug 24, 2020
CVSS 3.x
7.2
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification.

Affected Software

Name Vendor Start Version End Version
Magento Magento 1.5.0.0 (including) 1.9.4.3 (excluding)
Magento Magento 1.9.0.0 (including) 1.14.4.3 (excluding)

References