Description

A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Requests for a specific file path could result in a redirect to the URL of the Magento admin panel, disclosing its location to potentially unauthorized parties.

Remediation

References

CVE-2019-7852

Related Vulnerabilities

WordPress Plugin Contact Form DB Cross-Site Scripting (2.10.29)

WordPress Plugin Mingle Forum Multiple Cross-Site Scripting Vulnerabilities (1.0.33)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6610)

WordPress Plugin RSS Includes Pages Unspecified Vulnerability (3.1)

Frontaccounting Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3740)

Severity

Medium

Classification

CVE-2019-7852 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities