Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Magento Unrestricted Upload of File with Dangerous Type Vulnerability - CVE-2019-7912 - Vulnerability Database
Magento

Magento Unrestricted Upload of File with Dangerous Type Vulnerability - CVE-2019-7912

High
Reference: CVE-2019-7912
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-7912
Title: Magento Unrestricted Upload of File with Dangerous Type Vulnerability
Overview:

A file upload filter bypass exists in Magento 2.1 prior to 2.1.18 Magento 2.2 prior to 2.2.9 Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to edit configuration keys to remove file extension filters potentially resulting in the malicious upload and execution of malicious files on the server.