WEB APPLICATION VULNERABILITIES Standard & Premium

Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-7947)

Description

A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

Remediation

References

Related Vulnerabilities

Squid Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2020-8450)

Django Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-3281)

WordPress Plugin WordPress Landing Page-Squeeze Page-Responsive Landing Page Builder Free-WP Lead Plus X Multiple Vulnerabilities (0.98)

WordPress Plugin WP Content Copy Protection & No Right Click Cross-Site Request Forgery (3.1.5)

WordPress Plugin Easy Pixels Unspecified Vulnerability (1.8.2)

Severity

Medium

Classification

CVE-2019-7947 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities