Description

A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of the store design schedule.

Remediation

References

CVE-2019-7873

Related Vulnerabilities

MySQL CVE-2013-3807 Vulnerability (CVE-2013-3807)

WebLogic CVE-2021-2211 Vulnerability (CVE-2021-2211)

WordPress Plugin FourSquare Checkins Cross-Site Request Forgery (1.2)

WordPress Plugin Simple Image Manipulator Arbitrary File Download (1.0)

b2evolution Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-2945)

Severity

Medium

Classification

CVE-2019-7873 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities