Description
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 versions prior to 2.3.1, 2.2 versions prior to 2.2.8, and 2.1 versions prior to 2.1.17. An authenticated user may be able to view another user's personally identifiable shipping details due to insufficient validation of user-controlled input.
Remediation
References