Miggo Logo
Miggo Vulnerability Database
CVE-2019-7876

CVE-2019-7876: Magento 2 Community Edition RCE Vulnerability

8.8

CVSS Score
3.0

Basic Information

CVE ID
CVE-2019-7876
GHSA ID
GHSA-6qh6-v99h-vh4c
EPSS Score
0.73756%
CWE
-
Published
5/24/2022
Updated
2/12/2024
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
magento/community-editioncomposer>= 2.1, < 2.1.182.1.18
magento/community-editioncomposer>= 2.2, < 2.2.92.2.9
magento/community-editioncomposer>= 2.3, < 2.3.22.3.2
magento/product-community-editioncomposer>= 2.1, < 2.1.182.1.18
magento/product-community-editioncomposer>= 2.2, < 2.2.92.2.9
magento/product-community-editioncomposer>= 2.3, < 2.3.22.3.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from improper handling of user-controlled layout XML updates. The Merge::addPageHandles function directly processes these updates, and Builder::build executes the compromised layout structure. These functions lack sufficient sanitization, enabling RCE via crafted XML payloads in layout updates. The high confidence stems from Magento's architecture where layout processing is a known attack surface for this CVE.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* r*mot* *o** *x**ution vuln*r**ility *xists in M***nto *.* prior to *.*.**, M***nto *.* prior to *.*.*, M***nto *.* prior to *.*.*. *n *ut**nti**t** us*r wit* privil***s to m*nipul*t* l*youts **n ins*rt * m*li*ious p*ylo** into t** l*yout.

Reasoning

T** vuln*r**ility st*ms *rom improp*r **n*lin* o* us*r-*ontroll** l*yout XML up**t*s. T** `M*r**::***P*****n*l*s` *un*tion *ir**tly pro**ss*s t**s* up**t*s, *n* `*uil**r::*uil*` *x**ut*s t** *ompromis** l*yout stru*tur*. T**s* *un*tions l**k su**i*i*