Description

An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder.

Remediation

References

CVE-2019-7925

Related Vulnerabilities

WordPress Plugin Car Demon Multiple Vulnerabilities (1.7.97)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6332)

WordPress Plugin Affiliates Manager Cross-Site Request Forgery (2.6.5)

OpenSSL Use of Insufficiently Random Values Vulnerability (CVE-2019-1549)

MySQL CVE-2021-35597 Vulnerability (CVE-2021-35597)

Severity

Medium

Classification

CVE-2019-7925 CWE-639 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities