Description
A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2. An authenticated user with access to the admin panel can exploit it to manipulate system configuration and execute arbitrary code.
Remediation
References