CVE-2019-7942

Source
https://cve.org/CVERecord?id=CVE-2019-7942
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-7942.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-7942
Aliases
Published
2019-08-02T22:15:19.143Z
Modified
2026-02-03T07:08:10.695386Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create or edit a product can execute arbitrary code via malicious XML layout updates.

References

Affected packages

Git / github.com/magento/devdocs

Affected versions

2.*
2.0.16
2.0.17
2.0.18
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.17
2.1.9
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.3.0
2.3.1

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-7942.json"

Git / github.com/magento/magento2

Affected versions

2.*
2.1.0
2.1.1
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.17
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.2.0
2.2.0-RC1.1
2.2.0-RC1.2
2.2.0-RC1.3
2.2.0-RC1.4
2.2.0-RC1.5
2.2.0-RC1.6
2.2.0-RC1.8
2.2.0-rc2.0
2.2.0-rc2.1
2.2.0-rc2.2
2.2.0-rc2.3
2.2.0-rc3.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.3.0
2.3.1

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-7942.json"