Description
A server-side request forgery (SSRF) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to modify store configurations can manipulate the connector API endpoint to enable remote code execution.
Remediation
References