{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T07:47:54.213","vulnerabilities":[{"cve":{"id":"CVE-2019-8154","sourceIdentifier":"psirt@adobe.com","published":"2019-11-06T00:15:12.703","lastModified":"2024-11-21T04:49:23.167","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to modify product catalogs can trigger PHP file inclusion through a crafted XML file that specifies product design update."},{"lang":"es","value":"Existe una vulnerabilidad de ejecución de código remota en Magento versiones 2.2 anteriores a la versión 2.2.10, Magento versiones 2.3 anteriores a 2.3.3 o 2.3.2-p1. Un usuario autenticado con privilegios para modificar los catálogos de productos puede desencadenar una inclusión de archivos PHP por medio de un archivo XML diseñado que especifica la actualización del diseño del producto."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-829"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*","versionStartIncluding":"2.2.0","versionEndExcluding":"2.2.10","matchCriteriaId":"24318637-C95B-4811-87F5-14A6F4EDE2EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*","versionStartIncluding":"2.2.0","versionEndExcluding":"2.2.10","matchCriteriaId":"A06CF88F-F067-4058-9306-864FEA3D7062"},{"vulnerable":true,"criteria":"cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*","versionStartIncluding":"2.3.0","versionEndExcluding":"2.3.2","matchCriteriaId":"B720D2FA-A6FD-49A3-8B78-07993560081D"},{"vulnerable":true,"criteria":"cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*","versionStartIncluding":"2.3.0","versionEndExcluding":"2.3.2","matchCriteriaId":"6B8C5A27-2957-4373-B0FE-8C7585B4B04E"},{"vulnerable":true,"criteria":"cpe:2.3:a:magento:magento:2.3.2:-:*:*:commerce:*:*:*","matchCriteriaId":"ED7EB5B4-33F4-4389-BCA4-50A113F8C719"},{"vulnerable":true,"criteria":"cpe:2.3:a:magento:magento:2.3.2:-:*:*:open_source:*:*:*","matchCriteriaId":"465133F9-0BFE-491E-8FE8-A263F9E2FC1D"}]}]}],"references":[{"url":"https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update","source":"psirt@adobe.com","tags":["Patch","Vendor Advisory"]},{"url":"https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}