PT-2019-18946 · Adobe · Magento
Published
2019-11-05
·
Updated
2022-05-24
·
CVE-2019-8232
CVSS v3.1
6.6
Medium
| Vector | AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Magento versions prior to 1.9.4.3
Magento versions prior to 1.14.4.3
Magento 2.2 versions prior to 2.2.10
Magento 2.3 versions prior to 2.3.3
Magento 2.3 version 2.3.2-p1
Description
The issue allows an authenticated user with administrative privileges for the import feature to execute arbitrary code through a race condition. This condition enables the modification of webserver configuration files.
Recommendations
For Magento versions prior to 1.9.4.3, update to version 1.9.4.3 or later.
For Magento versions prior to 1.14.4.3, update to version 1.14.4.3 or later.
For Magento 2.2 versions prior to 2.2.10, update to version 2.2.10 or later.
For Magento 2.3 versions prior to 2.3.3, update to version 2.3.3 or later.
For Magento 2.3 version 2.3.2-p1, update to version 2.3.3 or later.
Fix
Race Condition
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Magento