Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Magento Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2019-7871 - Vulnerability Database
Magento

Magento Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2019-7871

High
Reference: CVE-2019-7871
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-7871
Title: Magento Improper Control of Generation of Code (Code Injection) Vulnerability
Overview:

A security bypass exists in Magento 2.1 prior to 2.1.18 Magento 2.2 prior to 2.2.9 Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection.