Remote Code Execution Vulnerability in Magento by Adobe
CVE-2019-8125

7.2 HIGH

Key Information:

Vendor: Adobe
Status: Vendor
CVE Published: 5 November 2019

Summary

A remote code execution vulnerability exists in earlier versions of Magento 1. An authenticated admin user can craft support configuration settings to modify system parameters, which could allow arbitrary code to be executed remotely. Users should apply the latest security patches to mitigate this risk and protect the integrity of their e-commerce platforms.

Affected Version(s)

Magento 1: Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3.

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
