Description
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2. An administrator with limited privileges can exploit it to delete the downloadable products folder.
Remediation
References