Description

Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

Remediation

References

CVE-2019-7861

Related Vulnerabilities

Internet Information Services Unchecked Return Value Vulnerability (CVE-2005-4360)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29048)

WordPress Plugin Web Invoice-Invoicing and billing for WordPress Multiple SQL Injection Vulnerabilities (2.1.3)

Moodle Other Vulnerability (CVE-2011-4586)

Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-1000484)

Severity

High

Classification

CVE-2019-7861 CWE-434 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities