Arbitrary Code Execution through Custom Layout Modification in Magento

Arbitrary Code Execution through Custom Layout Modification in Magento

CVE-2019-8231 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification.

Learn more about our User Device Pen Test.