Description

A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages.

Remediation

References

CVE-2019-7851

Related Vulnerabilities

WordPress Plugin WP FullCalendar Security Bypass (1.4.1)

phpMyAdmin Other Vulnerability (CVE-2004-1147)

WordPress Plugin MP3-jPlayer Information Disclosure (2.3.2)

PHP Other Vulnerability (CVE-2005-0525)

Oracle Application Server Other Vulnerability (CVE-2006-3708)

Severity

Medium

Classification

CVE-2019-7851 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities