Description

A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment methods to execute arbitrary code.

Remediation

References

CVE-2019-7913

Related Vulnerabilities

WordPress Plugin Social Media Widget Serving Spam (4.0)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0799)

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17301)

PHP CVE-2022-31629 Vulnerability (CVE-2022-31629)

Oracle Database Server CVE-2010-0900 Vulnerability (CVE-2010-0900)

Severity

High

Classification

CVE-2019-7913 CWE-918 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities