Arbitrary Code Execution via Server-Side Request Forgery in Magento

Arbitrary Code Execution via Server-Side Request Forgery in Magento

CVE-2019-7892 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery.

Learn more about our Cis Benchmark Audit For Server Software.