Description
An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details.
Remediation
References