Description

A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages.

Remediation

References

CVE-2019-7851

Related Vulnerabilities

WebLogic CVE-2021-2157 Vulnerability (CVE-2021-2157)

Oracle Database Server CVE-2009-1007 Vulnerability (CVE-2009-1007)

PHP Use After Free Vulnerability (CVE-2021-21708)

Oracle Database Server Credentials Management Errors Vulnerability (CVE-2007-6260)

WordPress Plugin Stetic Cross-Site Request Forgery (1.0.6)

Severity

Medium

Classification

CVE-2019-7851 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities