Описание
Magento command injection vulnerability
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
Пакеты
Наименование
magento/community-edition
composer
Затронутые версииВерсия исправления
>= 2.3.0, < 2.3.4-p2
2.3.4-p2
Наименование
magento/community-edition
composer
Затронутые версииВерсия исправления
< 2.2.12
2.2.12
Наименование
magento/core
composer
Затронутые версииВерсия исправления
< 1.9.4.5
1.9.4.5
Наименование
magento/project-community-edition
composer
Затронутые версииВерсия исправления
<= 2.0.2
Отсутствует
Связанные уязвимости
CVSS3: 9.8
nvd
больше 5 лет назад
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.