Description

An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details.

Remediation

References

CVE-2019-7864

Related Vulnerabilities

Moodle Incorrect Authorization Vulnerability (CVE-2022-0984)

WordPress Plugin KJM Admin Notices Cross-Site Scripting (2.0.1)

WordPress Plugin SupportEzzy Ticket System Cross-Site Scripting (1.2.5)

Chamilo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-23127)

WordPress Plugin Contact Form 7 Captcha Cross-Site Request Forgery (0.0.8)

Severity

Medium

Classification

CVE-2019-7864 CWE-639 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities