CVE-2019-8232
06.11.2019, 00:15
In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import feature can execute arbitrary code through a race condition that allows webserver configuration file modification.
| Vendor | Product | Version |
|---|---|---|
| magento | magento | 1.5.0.0 ≤ 𝑥 < 1.9.4.3 |
| magento | magento | 1.9.0.0 ≤ 𝑥 < 1.14.4.3 |
| magento | magento | 2.2.0 ≤ 𝑥 < 2.2.10 |
| magento | magento | 2.2.0 ≤ 𝑥 < 2.2.10 |
| magento | magento | 2.3.0 ≤ 𝑥 < 2.3.2 |
| magento | magento | 2.3.0 ≤ 𝑥 < 2.3.2 |
| magento | magento | 2.3.2 |
| magento | magento | 2.3.2 |
𝑥
= Vulnerable software versions