Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Magento Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2019-7942 - Vulnerability Database
Magento

Magento Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2019-7942

High
Reference: CVE-2019-7942
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-7942
Title: Magento Improper Control of Generation of Code (Code Injection) Vulnerability
Overview:

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18 Magento 2.2 prior to 2.2.9 Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create or edit a product can execute arbitrary code via malicious XML layout updates.