| |
Vulnerability CVE-2019-7923
Published: 2019-08-02 Modified: 2019-08-03
Description: |
A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by authenticated user with admin privileges to manipulate shipment settings to execute arbitrary code. |
Type:
CWE-918
CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
6.5/10 |
6.4/10 |
8/10 |
Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13
|
|
|
Copyright 2024, cxsecurity.com
|
|
|