CVE-2019-8140

Summary

An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the Media File Storage of the database to transform uploaded JPEG file into a PHP file.

Affected Software

VendorProductVersion RangeStatus
Adobe Systems IncorporatedMagento 2Magento 2.2 prior to 2.2.10affected
Adobe Systems IncorporatedMagento 2Magento 2.3 prior to 2.3.3 or 2.3.2-p1affected

Weaknesses

  • Unrestricted file upload

ADP Enrichment

CVE Program Container

Additional References

References