CVE-2019-8125

State: PUBLISHED · Published: 2019-11-05 · Updated: 2024-08-04 · Assigner: adobe

Description

A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution.

CWE

(none)

Affected

Adobe Systems Incorporated / Magento 1 — v=Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3. [affected]

CVSS

(none)

References

https://magento.com/security/patches/supee-11219 x_refsource_MISC

Source

cvelistV5-main/cves/2019/8xxx/CVE-2019-8125.json