Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
2020-06-26T21:15:16.997
2024-11-21T05:40:54.663
Modified
CVSSv3.1: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | magento | magento | ≤ 1.9.4.4 | Yes |
Application | magento | magento | ≤ 1.14.4.4 | Yes |
Application | magento | magento | ≤ 2.2.11 | Yes |
Application | magento | magento | ≤ 2.2.11 | Yes |
Application | magento | magento | ≤ 2.3.4 | Yes |
Application | magento | magento | ≤ 2.3.4 | Yes |