Description
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution.
Affected products
- Adobe Systems Incorporated / Magento 1Magento Open Source prior to 1.9.4.3 – Magento Open Source prior to 1.9.4.3
- Adobe Systems Incorporated / Magento 1and Magento Commerce prior to 1.14.4.3 – and Magento Commerce prior to 1.14.4.3