CVE-2019-8091

Published: 2019-11-05T23:15Z

Last Modified: 2024-11-21T04:49Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt