Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7925)

Description

An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder.

Remediation

References

Related Vulnerabilities

Oracle HTTP Server CVE-2016-0671 Vulnerability (CVE-2016-0671)

Oracle Database Server CVE-2010-2391 Vulnerability (CVE-2010-2391)

Liferay Portal Deserialization of Untrusted Data Vulnerability (CVE-2020-15842)

WordPress Plugin Slider Hero with Animation, Video Background Cross-Site Scripting (8.4.3)

Oracle JRE CVE-2013-2468 Vulnerability (CVE-2013-2468)

Severity

Medium

Classification

CVE-2019-7925 CWE-639 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities