Description

An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder.

Remediation

References

CVE-2019-7925

Related Vulnerabilities

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-14893)

WordPress Plugin Responsive Slider-Image Slider-Slideshow for WordPress SQL Injection (2.8.6)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-25152)

SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-4833)

Internet Information Services Other Vulnerability (CVE-2003-0226)

Severity

Medium

Classification

CVE-2019-7925 CWE-639 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities