Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Magento Improper Input Validation Vulnerability (CVE-2019-7899)

Description

Names of disabled downloadable products could be disclosed due to inadequate validation of user input in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

Remediation

References

Related Vulnerabilities

Django Incorrect Regular Expression Vulnerability (CVE-2018-7537)

WordPress Plugin Share Buttons by AddThis Cross-Site Scripting (4.0.7)

MySQL CVE-2022-21284 Vulnerability (CVE-2022-21284)

WordPress Plugin WP SimpleMail Multiple Cross-Site Scripting Vulnerabilities (1.0.6)

Apache HTTP Server Resource Management Errors Vulnerability (CVE-2007-6422)

Severity

Medium

Classification

CVE-2019-7899 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities