Description
An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details.
Remediation
References