Description
A server-side request forgery (SSRF) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to modify store configurations can manipulate the connector api endpoint to enable remote code execution.
Remediation
References
Related Vulnerabilities
WordPress Plugin NextGEN Pro Cross-Site Scripting (3.1.9)
PrestaShop CVE-2023-39529 Vulnerability (CVE-2023-39529)
Oracle Database Server CVE-2015-4925 Vulnerability (CVE-2015-4925)
Ruby on Rails Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-8167)
WordPress Plugin Live Search for WooCommerce Security Bypass (2.0.2)