Allele Security Intelligence - Magento

ASA-2019-00400 – Magento: Arbitrary code execution via malicious XML layouts

Posted on June 29, 2019June 29, 2019 by Allele Security Intelligence in Alerts

An authenticated user with admin privileges can execute arbitrary code when creating a product via malicious XML layouts.

ASA-2019-00399 – Magento: Security bypass via form data injection

Posted on June 29, 2019June 29, 2019 by Allele Security Intelligence in Alerts

An authenticated user can inject form data and bypass security protections that prevent arbitrary PHP script upload.

ASA-2019-00398 – Magento: Arbitrary code execution via file upload in admin import feature

Posted on June 29, 2019June 29, 2019 by Allele Security Intelligence in Alerts

An authenticated user with admin privileges to the import feature can execute arbitrary code by uploading a malicious csv file.

ASA-2019-00397 – Magento: Arbitrary code execution through product imports and design layout update

Posted on June 29, 2019June 29, 2019 by Allele Security Intelligence in Alerts

An authenticated user with admin privileges can execute arbitrary code through combination of product import via crafted csv file and XML layout update.

ASA-2019-00396 – Magento: Arbitrary code execution through design layout update

Posted on June 29, 2019June 29, 2019 by Allele Security Intelligence in Alerts

An authenticated user with admin privileges can execute arbitrary code through a crafted XML layout update.

© 2019 Allele Security Intelligence.
All rights reserved. Privacy Policy.