Description
An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details.
Remediation
References
Related Vulnerabilities
WordPress Plugin Advanced Custom Fields (ACF) Cross-Site Scripting (4.4.3)
WordPress Plugin SEO Ultimate 'wp-admin/post.php' Cross-Site Scripting (6.9.1)
Liferay DXP Incorrect Authorization Vulnerability (CVE-2024-38002)
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3231)