Description

Samples of disabled downloadable products are accessible in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to inadequate validation of user input.

Remediation

References

CVE-2019-7898

Related Vulnerabilities

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-27422)

TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-4321)

Squid Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2019-12854)

WordPress Plugin LearnPress-WordPress LMS Multiple Vulnerabilities (4.1.7.3.2)

MySQL CVE-2024-21198 Vulnerability (CVE-2024-21198)

Severity

Medium

Classification

CVE-2019-7898 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities