9 matches found
CVE-2019-7892
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery...
Magento Server-Side Request Forgery (SSRF)
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to manipulate shippment settings can execute arbitrary code through server-side request forgery due to unsafe handling of a carrier...
GHSA-W3R8-FXV5-58PP Magento 2 Community Edition RCE Vulnerability via SSRF
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery...
Magento 2 Community Edition RCE Vulnerability via SSRF
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery...
Remote code execution
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to manipulate shippment settings can execute arbitrary code through server-side request forgery due to unsafe handling of a carrier...
CVE-2019-8151
CVE-2019-8151 affects Magento: versions 2.2 before 2.2.10 and 2.3 before 2.3.3, or 2.3.2-p1, are vulnerable. It requires an authenticated admin to manipulate shipping settings and can lead to remote code execution via server-side request forgery caused by unsafe handling of a carrier gateway. The...
Server Side Request Forgery (SSRF)
magento/community-edition is vulnerable to server side request forgery SSRF. The vulnerability exists as an admin can manipulate shipment settings to execute arbitrary code...
CVE-2019-7923
A server-side request forgery SSRF vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by authenticated user with admin privileges to manipulate shipment settings to execute arbitrary code...
CVE-2019-7892
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery...