Description
A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2. An authenticated user with access to the admin panel can exploit it to manipulate system configuration and execute arbitrary code.
Remediation
References