Description

A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to the admin panel to manipulate system configuration and execute arbitrary code.

Remediation

References

CVE-2019-7911

Related Vulnerabilities

GibbonEdu Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-40492)

Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-1806)

Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4519)

Sqlite Out-of-bounds Read Vulnerability (CVE-2019-8457)

WordPress Plugin Auto Post to Social Media-WordPress to Buffer Cross-Site Scripting (3.7.4)

Severity

High

Classification

CVE-2019-7911 CWE-918 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities