A remote code execution vulnerability exists in Magento 2.1 before 2.1.19, Magento 2.2 before 2.2.10, and Magento 2.3 before 2.3.3. An authenticated user with administrative privileges (system level import) can execute arbitrary code through a Phar deserialization vulnerability in the import functionality.
Vulnerable Product |
---|
magento magento 2.3.2 |
magento magento |