ASA-2019-00400 – Magento: Arbitrary code execution via malicious XML layouts Posted on June 29, 2019June 29, 2019 by Allele Security Intelligence in Alerts An authenticated user with admin privileges can execute arbitrary code when creating a product via malicious XML layouts.