Home > Vulnerability Database > CVE-2019-7932

Mend.io Vulnerability Database

CVE-2019-7932

Good to know:

Date: August 2, 2019

A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create sitemaps can execute arbitrary PHP code by creating a malicious sitemap file.

Language: PHP

Severity Score

6.5

Related Resources (3)

Url: https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-7932

Url: https://www.mend.io/vulnerability-database/CVE-2019-7932

Severity Score

6.5

Weakness Type (CWE)

Code Injection

CWE-94

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version Magento-2.1.18, Magento-2.2.9, Magento-2.3.2

Learn More

CVSS v3

Base Score:	6.5
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL

CVSS v2

Base Score:	5.4
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-7932

Good to know:

Date: August 2, 2019

Language: PHP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?