PT-2019-18832 · Adobe · Magento

Published: 2019-08-02 · Updated: 2022-05-24 · CVE-2019-7930

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Magento 2.1 versions 2.1.0 through 2.1.17
Magento 2.2 versions 2.2.0 through 2.2.8
Magento 2.3 versions 2.3.0 through 2.3.1

Description

A file upload restriction bypass exists that allows an authenticated user with administrator privileges for the import feature to modify a configuration file. This can lead to unauthorized removal of file upload restrictions, potentially resulting in arbitrary code execution when a malicious file is uploaded and executed on the system.

Recommendations

For Magento 2.1 versions 2.1.0 through 2.1.17, update to version 2.1.18 or later.
For Magento 2.2 versions 2.2.0 through 2.2.8, update to version 2.2.9 or later.
For Magento 2.3 versions 2.3.0 through 2.3.1, update to version 2.3.2 or later.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2019-7930
GHSA-3H69-4FRW-G2JM

Affected Products

Magento