CVE-2019-8229

Summary

In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates.

Affected Software

VendorProductVersion RangeStatus
Adobe Systems IncorporatedMagento 1Magento Open Source prior to 1.9.4.3affected
Adobe Systems IncorporatedMagento 1and Magento Commerce prior to 1.14.4.3affected

Weaknesses

  • Remote Code Execution

ADP Enrichment

CVE Program Container

Additional References

References