Description
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder.
Remediation
References
Related Vulnerabilities
XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-40572)
WordPress 5.8 Multiple Vulnerabilities (5.8)
WordPress Plugin Request Quote via Whatsapp for Woocommerce Cross-Site Scripting (1.0.1)
WeBid Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7118)
WeBid Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7117)