APPSEC-1901: Local file inclusion in customer view

Description: An administrator with limited privileges can read arbitrary files from the file system.

Type: Local File Inclusion (LFI)

CVSSv3 Severity: 6.4 (Medium)

Product(s) Affected: Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, Magento 2.2 prior to 2.2.3

Fixed In: Magento 2.0.18, Magento 2.1.12, Magento 2.2.3

Posted in LFI, Magento 2, Magento Commerce, Magento Open Source