PT-2019-18890 · Adobe · Magento
Publicado
2019-11-05
·
Atualizado
2022-05-24
·
CVE-2019-8114
CVSS v3.1
7.2
Alta
| Vetor | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Magento 1 versions prior to 1.9.4.3
Magento 1 versions prior to 1.14.4.3
Magento 2.2 versions prior to 2.2.10
Magento 2.3 versions prior to 2.3.3
Magento 2.3 versions prior to 2.3.2-p1
Description
A remote code execution issue exists, allowing an authenticated user with admin privileges to import features to execute arbitrary code via a crafted configuration archive file upload.
Recommendations
For Magento 1 versions prior to 1.9.4.3, update to version 1.9.4.3 or later.
For Magento 1 versions prior to 1.14.4.3, update to version 1.14.4.3 or later.
For Magento 2.2 versions prior to 2.2.10, update to version 2.2.10 or later.
For Magento 2.3 versions prior to 2.3.3, update to version 2.3.3 or later.
For Magento 2.3 versions prior to 2.3.2-p1, update to version 2.3.2-p1 or later, then promptly upgrade to 2.3.2-p2.
Exploit
Correção
RCE
Unrestricted File Upload
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Magento