Описание
Withdrawn Advisory: Magento 2 Community Edition RCE Vulnerability
Withdrawn Advisory
This advisory has been withdrawn because the vulnerability does not affect a package in one of the GitHub Advisory Database's supported ecosystems. This link is maintained to preserve external references.
Original Description
In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates.
Пакеты
Наименование
magento/community-edition
composer
Затронутые версииВерсия исправления
< 1.9.4.3
1.9.4.3
Связанные уязвимости
CVSS3: 7.2
nvd
больше 6 лет назад
In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates.