CVE-2019-8125

Summary

A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution.

Affected Software

VendorProductVersion RangeStatus
Adobe Systems IncorporatedMagento 1Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3.affected

Weaknesses

  • Remote Code Execution

ADP Enrichment

CVE Program Container

Additional References

References