CVE-2019-8140: Unrestricted Upload of File with Dangerous Type
(updated )
An unrestricted file upload vulnerability exists in Magento. An authenticated admin user can manipulate the Synchronization feature in the Media File Storage of the database to transform uploaded JPEG file into a PHP file.
References
Detect and mitigate CVE-2019-8140 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →