Arbitrary PHP Code Execution Vulnerability in Magento 2.x

Arbitrary PHP Code Execution Vulnerability in Magento 2.x

CVE-2019-7871 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection.

Learn more about our User Device Pen Test.