CVE-2019-8231

Published: Nov 6, 2019Modified: Jun 17, 2026

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification.

Affected (2)

Products: Magento: Magento

Magento

1 product

Magento

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Magento Magento	From 1.9.0.0 to 1.14.4.3
Magento Magento	From 1.5.0.0 to 1.9.4.3

References (2)

https://magento.com/security/patches/supee-11219

Source: psirt@adobe.com

Vendor Advisory

https://magento.com/security/patches/supee-11219

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.