Description

Names of disabled downloadable products could be disclosed due to inadequate validation of user input in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

Remediation

References

CVE-2019-7899

Related Vulnerabilities

MySQL CVE-2017-3635 Vulnerability (CVE-2017-3635)

WordPress Plugin Pricing Table by Supsystic Multiple Vulnerabilities (1.8.1)

Sqlite Out-of-bounds Read Vulnerability (CVE-2017-10989)

WordPress Plugin Myftp SQL Injection (2.0)

Oracle Database Server CVE-2009-1970 Vulnerability (CVE-2009-1970)

Severity

Medium

Classification

CVE-2019-7899 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities