3 matches found
CVE-2019-8151
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to manipulate shippment settings can execute arbitrary code through server-side request forgery due to unsafe handling of a carrier...
CVE-2019-8151
creationtimestamp| type| source ---|---|--- 2024-02-04 15:51:13+00:00| seen| https://t.me/ctinow/178858...
CVE-2019-8151
CVE-2019-8151 affects Magento: versions 2.2 before 2.2.10 and 2.3 before 2.3.3, or 2.3.2-p1, are vulnerable. It requires an authenticated admin to manipulate shipping settings and can lead to remote code execution via server-side request forgery caused by unsafe handling of a carrier gateway. The...