CVE-2019-8091

Summary

A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution.

Affected Software

VendorProductVersion RangeStatus
Adobe Systems IncorporatedMagento 1Magento Open Source prior to 1.9.4.3affected
Adobe Systems IncorporatedMagento 1and Magento Commerce prior to 1.14.4.3affected

Weaknesses

  • Remote Code Execution

ADP Enrichment

CVE Program Container

Additional References

References