Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7925)

Description

An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder.

Remediation

References

Related Vulnerabilities

Oracle Application Server CVE-2008-4014 Vulnerability (CVE-2008-4014)

WordPress Plugin WP Maintenance Mode Multiple Vulnerabilities (2.0.3)

MySQL CVE-2020-14794 Vulnerability (CVE-2020-14794)

WeBid Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-7119)

Squid Missing Release of Memory after Effective Lifetime Vulnerability (CVE-2021-28652)

Severity

Medium

Classification

CVE-2019-7925 CWE-639 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities