Category: RCE

PRODSECBUG-2146: Remote Code Execution through the Product Media Upload in the Admin

Description: A path traversal vulnerability permits folder creation at arbitrary locations and file deletion from arbitrary locations in the Admin product image/media upload area. Type: Cross-Site Scripting (XSS) CVSSv3 Severity: 6.0 Product(s) Affected: Magento 2.1 prior to 2.1.16, Magento 2.2

Posted in Magento 2, Magento Commerce, Magento Open Source, RCE, Stored XSS

APPSEC-2003: RCE via Varnish settings in admin

Description: Admin user can read any file on server and can execute any commands through Varnish. Vulnerability is in the Magento 2.2 admin configuration settings for Varnish, where admin user can whitelist list of IPs (ACL) and download the customized

Posted in Magento 2, Magento Commerce, Magento Open Source, RCE Tagged with: ,

APPSEC-1952: Remote Code Execution using media upload

Description: An administrator with limited privileges can remotely execute code using a path traversal vulnerability during the CMS image or media upload process. Type: Remote Code Execution (RCE) CVSSv3 Severity: 9.8 (High) Product(s) Affected: Magento 2.0 prior to 2.0.18, Magento

Posted in Magento 2, Magento Commerce, Magento Open Source, RCE

APPSEC-1900: Remote Code Execution by leveraging 1st stage unsanitized form input

Description: An administrator with limited privileges can create a store website that can accept and run arbitrary remote code execution. Type: Remote Code Execution (RCE) CVSSv3 Severity: 8.2 (High) Product(s) Affected: Magento 2.0 prior to 2.0.17, Magento 2.1 prior to

Posted in Magento 2, Magento Commerce, Magento Open Source, RCE