A remote code execution vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. An authenticated user with admin privileges to email templates can execute arbitrary code by previewing a malicious template.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
magento magento |