Remote Code Execution Vulnerability in Magento by Adobe
CVE-2019-8125
7.2 HIGH
Summary
A remote code execution vulnerability exists in earlier versions of Magento 1. An authenticated admin user can supply crafted support configuration settings that modify system parameters, which could allow the attacker to execute arbitrary code remotely. Users should apply the latest security patches to mitigate this risk and protect the integrity of their e-commerce platforms.
Affected Version(s)
Magento 1: Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3.
CVSS V3.1
Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved