Description
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
Remediation
References
Related Vulnerabilities
TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2009-3631)
WordPress Cookies Security Bypass Weakness (1.5 - 2.3.1)
Apache Tomcat Other Vulnerability (CVE-2002-0936)
WordPress Plugin College publisher Import Arbitrary File Upload (0.1)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1044)