CVE-2019-8140: Unrestricted Upload of File with Dangerous Type

November 5, 2019 (updated November 7, 2019)

An unrestricted file upload vulnerability exists in Magento. An authenticated admin user can manipulate the Synchronization feature in the Media File Storage of the database to transform uploaded JPEG file into a PHP file.

References

magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
nvd.nist.gov/vuln/detail/CVE-2019-8140

Code Behaviors & Features

Detect and mitigate CVE-2019-8140 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →