Description

An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder.

Remediation

References

CVE-2019-7925

Related Vulnerabilities

Oracle JRE CVE-2013-2466 Vulnerability (CVE-2013-2466)

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.7)

Internet Information Services Other Vulnerability (CVE-2000-0167)

Oracle Database Server CVE-2009-1993 Vulnerability (CVE-2009-1993)

WordPress Plugin Widget Logic Cross-Site Request Forgery (5.10.2)

Severity

Medium

Classification

CVE-2019-7925 CWE-639 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities