Description
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery.
Remediation
References
Related Vulnerabilities
Jboss EAP CVE-2016-5018 Vulnerability (CVE-2016-5018)
Envoy Proxy Incorrect Authorization Vulnerability (CVE-2021-32777)
WordPress Plugin iThemes Security (formerly Better WP Security) Information Disclosure (5.1.1)
WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.33)
MediaWiki Improper Access Control Vulnerability (CVE-2016-6337)