Description
A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment methods to execute arbitrary code.
Remediation
References
Related Vulnerabilities
Oracle Application Server CVE-2010-0066 Vulnerability (CVE-2010-0066)
WordPress Plugin Merge+Minify+Refresh Cross-Site Request Forgery (1.10.6)
WordPress Plugin Resume Submissions & Job Postings Arbitrary File Upload (2.5.3)
WordPress Plugin WooCommerce Cross-Site Scripting (5.1.0)
WordPress Plugin Far Future Expiry Header Cross-Site Request Forgery (1.4)