Description
A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Requests for a specific file path could result in a redirect to the URL of the Magento admin panel, disclosing its location to potentially unauthorized parties.
Remediation
References
Related Vulnerabilities
WordPress Plugin Contact Form DB Cross-Site Scripting (2.10.29)
WordPress Plugin Mingle Forum Multiple Cross-Site Scripting Vulnerabilities (1.0.33)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6610)
WordPress Plugin RSS Includes Pages Unspecified Vulnerability (3.1)