Description

A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages.

Remediation

References

CVE-2019-7851

Related Vulnerabilities

WordPress Plugin WordPress Ultra Simple Paypal Shopping Cart Cross-Site Request Forgery (4.4)

Ruby Numeric Errors Vulnerability (CVE-2008-2726)

WordPress Plugin Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder Arbitrary File Upload (1.06.02)

MySQL CVE-2022-21256 Vulnerability (CVE-2022-21256)

WordPress 4.1.x PHP Object Injection (4.1 - 4.1.32)

Severity

Medium

Classification

CVE-2019-7851 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities