CyberSec.Space Logo
Back to CVE Browser

CVE-2019-8144

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0260%
EPSS Percentile27.14th
PublishedNov 6, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious payload through PageBuilder template methods.

Affected Platforms (CPE)

πŸ“¦
Magento

Magento

>= 2.3.0 and < 2.3.2
πŸ“¦
Magento

Magento

>= 2.3.0 and < 2.3.2
πŸ“¦
Magento

Magento

= 2.3.2
πŸ“¦
Magento

Magento

= 2.3.2

References & Advisories

πŸ”— https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
πŸ”— https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update

Related Vulnerabilities

CVE-2019-81219.8

An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3...

CVE-2019-81359.8

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Dependency in...

CVE-2019-71399.8

An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensi...

CVE-2019-81369.8

An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codeb...