Description

An information disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to create email templates could leak sensitive data via a malicious email template.

Remediation

References

CVE-2019-7888

Related Vulnerabilities

Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-8134)

WordPress Plugin WPS Hide Login Cross-Site Request Forgery (1.0)

Sqlite Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-19925)

Oracle Application Server Resource Management Errors Vulnerability (CVE-2007-2120)

WordPress Plugin Users Ultra Membership Cross-Site Scripting (1.5.78)

Severity

Medium

Classification

CVE-2019-7888 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities