CVE-2019-8231

EUVD-2022-5009
In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
Affected Products (NVD)
VendorProductVersion
magentomagento
1.5.0.0 ≤
𝑥
< 1.9.4.3
magentomagento
1.9.0.0 ≤
𝑥
< 1.14.4.3
𝑥
= Vulnerable software versions
References
https://magento.com/security/patches/supee-11219
https://magento.com/security/patches/supee-11219