CVE-2019-7876

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in packagist/magento/product-community-edition

Identifiers

GHSA-6qh6-v99h-vh4c, CVE-2019-7876

Package Slug

packagist/magento/product-community-edition

Vulnerability

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Description

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout.

Affected Versions

All versions starting from 2.1 before 2.1.18, all versions starting from 2.2 before 2.2.9, all versions starting from 2.3 before 2.3.2

Solution

Upgrade to versions 2.1.18, 2.2.9, 2.3.2 or above.

Last Modified

2024-02-12
