Input validation error in Magento Open Source - CVE-2019-7876

 


Published: August 3, 2019 / Updated: July 17, 2020


Vulnerability identifier: #VU30901
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2019-7876
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Adobe
Affected software: Magento Open Source

Detailed vulnerability description

The vulnerability allows a remote authenticated user to execute arbitrary code.

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout.


How to mitigate CVE-2019-7876

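Install the update from the vendor's website. Per the affected ranges above, the fixed releases are Magento 2.1.18, 2.2.9 and 2.3.2 on their respective branches.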
