Description
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder.
Remediation
References
Related Vulnerabilities
PleskWin Other Vulnerability (CVE-2013-0133)
WordPress Plugin Follow Me Cross-Site Request Forgery (3.1.1)
Moodle CVE-2022-40314 Vulnerability (CVE-2022-40314)
Oracle Application Server Other Vulnerability (CVE-2000-1235)
WordPress Plugin WP Content Copy Protection & No Right Click Cross-Site Request Forgery (3.1.5)