CVE-2019-8125

Name of the Vulnerable Software and Affected Versions Magento 1 versions prior to 1.9.x Magento 1 versions prior to 1.14.x

Description A remote code execution issue exists, allowing an authenticated admin user to modify configuration parameters via crafted support configuration, potentially leading to remote code execution.

Recommendations For Magento 1 versions prior to 1.9.x, update to version 1.9.x or later to resolve the issue. For Magento 1 versions prior to 1.14.x, update to version 1.14.x or later to resolve the issue. As a temporary workaround, consider restricting access to configuration parameters for authenticated admin users until a patch is available.