7.2

CVSS Score

3.1

Basic Information

CVE ID

CVE-2019-8151

GHSA ID

GHSA-f73h-224c-62qr

EPSS Score

0.77108%

CWE

CWE-918

Published

5/24/2022

Updated

2/12/2024

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2019-8151

CVE-2019-8151: Magento Server-Side Request Forgery (SSRF)

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to manipulate shippment settings can execute arbitrary code through server-side request forgery due to unsafe handling of a carrier gateway.

As per the Magento Release 2.3.3, if you have already implemented the pre-release version of this patch (2.3.2-p1), it is highly recommended to promptly upgrade to 2.3.2-p2.

(GitHub Advisory)

7.2

CVSS Score

3.1

Basic Information

CVE ID

CVE-2019-8151

GHSA ID

GHSA-f73h-224c-62qr

EPSS Score

0.77108%

CWE

CWE-918

Published

5/24/2022

Updated

2/12/2024

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
magento/community-edition	composer	>= 2.2.0, < 2.2.10	2.2.10
magento/community-edition	composer	>= 2.3.0, < 2.3.2-p2	2.3.2-p2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper validation of user-supplied URLs in carrier gateway configurations. Admin users could inject malicious URLs into shipping settings, which are then processed by functions responsible for communicating with external carriers. Functions like _getCachedQuotes (general carrier logic) and _doShipmentRequest (USPS-specific implementation) are critical points where unvalidated URLs would be used for server-side requests. These patterns align with the SSRF-to-RCE mechanism described in CVE-2019-8151, and the file paths correspond to Magento's core shipping module structure.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* r*mot* *o** *x**ution vuln*r**ility *xists in M***nto *.* prior to *.*.**, M***nto *.* prior to *.*.* or *.*.*-p*. *n *ut**nti**t** us*r wit* **min privil***s to m*nipul*t* s*ippm*nt s*ttin*s **n *x**ut* *r*itr*ry *o** t*rou** s*rv*r-si** r*qu*st *

Reasoning

T** vuln*r**ility st*ms *rom improp*r v*li**tion o* us*r-suppli** URLs in **rri*r **t*w*y *on*i*ur*tions. **min us*rs *oul* inj**t m*li*ious URLs into s*ippin* s*ttin*s, w*i** *r* t**n pro**ss** *y *un*tions r*sponsi*l* *or *ommuni**tin* wit* *xt*rn*

7.2

Basic Information

Concerned about an active attack path?

CVE-2019-8151: Magento Server-Side Request Forgery (SSRF)

7.2

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI