Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Magento Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2019-7903 - Vulnerability Database
Magento

Magento Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2019-7903

High
Reference: CVE-2019-7903
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-7903
Title: Magento Improper Control of Generation of Code (Code Injection) Vulnerability
Overview:

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18 Magento 2.2 prior to 2.2.9 Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to email templates can execute arbitrary code by previewing a malicious template.