APPSEC-1900: Remote Code Execution by leveraging 1st stage unsanitized form input

Description: An administrator with limited privileges can create a store website that accepts and executes arbitrary remote code.

Type: Remote Code Execution (RCE)

CVSSv3 Severity: 8.2 (High)

Product(s) Affected: Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10, Magento 2.2

Fixed In: Magento 2.0.17, Magento 2.1.10, Magento 2.2.1