Description
A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution.
Affected products
- Adobe Systems Incorporated / Magento 1Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3. – Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3.