ASA-2019-00396 – Magento: Arbitrary code execution through design layout update Posted on June 29, 2019June 29, 2019 by Allele Security Intelligence in Alerts An authenticated user with admin privileges can execute arbitrary code through a crafted XML layout update.