A security bypass exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
magento magento |