In Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path.

Affected Packages

Packagist magento/core

Affected versions: 0 (fixed in 1.9.4.3)

Related CVEs

CVE-2019-8230

Key Information

GHSA ID

GHSA-qp43-2vhf-cj8g

Published

May 24, 2022 5:00 PM

Last Modified

January 10, 2024 9:36 PM

CVSS Score

7.5 /10

Primary Ecosystem

Packagist

Primary Package

magento/core

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 11, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.