Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Magento Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2019-7859 - Vulnerability Database
Magento

Magento Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2019-7859

High
Reference: CVE-2019-7859
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-7859
Title: Magento Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Overview:

A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18 Magento 2.2 prior to 2.2.9 Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control.