Description
A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Requests for a specific file path could result in a redirect to the URL of the Magento admin panel, disclosing its location to potentially unauthorized parties.
Remediation
References
Related Vulnerabilities
Django Improper Validation of Specified Quantity in Input Vulnerability (CVE-2023-41164)
Oracle Application Server Other Vulnerability (CVE-2002-1632)
WordPress Plugin Appointment Booking Calendar Multiple Vulnerabilities (1.1.24)
WordPress Plugin LearnPress-WordPress LMS Multiple Vulnerabilities (4.1.7.3.2)