Description
A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
Remediation
References
Related Vulnerabilities
PHP Other Vulnerability (CVE-1999-0238)
MySQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2009-4030)
ownCloud Other Vulnerability (CVE-2012-5057)
WordPress Other Vulnerability (CVE-2007-3240)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2987)