Arbitrary File Deletion Vulnerability in Magento 2.x

Arbitrary File Deletion Vulnerability in Magento 2.x

CVE-2019-8090 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated users can manipulate the design layout update feature.

Learn more about our User Device Pen Test.