Description
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17. An authenticated user may be able to view another user's personally identifiable shipping details because a user-controlled record identifier is accepted without sufficient validation that the requesting account owns the record.
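The following is an added illustration of the access-control pattern behind this class of bug; it is hypothetical example code, not Magento's own, and the data model, handler names and sample records are assumptions constructed for the example. It shows an address lookup that checks only that a session exists beside one that also checks ownership, plus the enumeration probe a tester would run to tell the two apart.

```python
"""Added example of an IDOR on a shipping-address lookup and its fix.

Hypothetical code, not Magento's: the ShippingAddress model, the in-memory
store and the two handler functions are assumptions made for illustration.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class ShippingAddress:
    address_id: int
    owner_customer_id: int  # the customer the record belongs to
    street: str
    city: str


class AuthenticationRequired(Exception):
    """Raised when no customer session is present."""


# Constructed sample data standing in for the address table.
ADDRESSES: Dict[int, ShippingAddress] = {
    101: ShippingAddress(101, owner_customer_id=1, street="1 Example St", city="Springfield"),
    102: ShippingAddress(102, owner_customer_id=2, street="2 Sample Ave", city="Shelbyville"),
    103: ShippingAddress(103, owner_customer_id=2, street="3 Sample Ave", city="Shelbyville"),
}


def get_address_vulnerable(session_customer_id: Optional[int],
                           requested_address_id: int) -> Optional[ShippingAddress]:
    """Vulnerable form: authentication is enforced, authorization is not.

    The address id comes straight from the request and is used as the lookup
    key, so any logged-in customer can read any customer's address.
    """
    if session_customer_id is None:
        raise AuthenticationRequired("login required")
    return ADDRESSES.get(requested_address_id)


def get_address_fixed(session_customer_id: Optional[int],
                      requested_address_id: int) -> Optional[ShippingAddress]:
    """Hardened form: the record is only returned to its owner.

    A record that is missing and a record that belongs to someone else both
    yield None, so the response does not reveal which ids exist.
    """
    if session_customer_id is None:
        raise AuthenticationRequired("login required")
    address = ADDRESSES.get(requested_address_id)
    if address is None or address.owner_customer_id != session_customer_id:
        return None
    return address


def probe_idor(handler, attacker_customer_id: int, candidate_ids: Iterable[int]) -> List[int]:
    """Tester's check: which ids return a record the caller does not own?

    Walks a range of candidate ids as the attacker and collects every id whose
    returned record has a different owner. An empty list means no leak.
    """
    leaked: List[int] = []
    for address_id in candidate_ids:
        record = handler(attacker_customer_id, address_id)
        if record is not None and record.owner_customer_id != attacker_customer_id:
            leaked.append(address_id)
    return leaked


if __name__ == "__main__":
    # Customer 1 walks ids 100..110 against each handler.
    print("vulnerable leaks:", probe_idor(get_address_vulnerable, 1, range(100, 111)))
    print("fixed leaks:     ", probe_idor(get_address_fixed, 1, range(100, 111)))
```

The ownership comparison against the record's stored owner, rather than against anything supplied in the request, is the whole fix; the probe is the same loop a pentester runs against a live endpoint with a low-privilege account and a range of ids.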
Remediation
Upgrade to Magento 2.3.1, 2.2.8, or 2.1.17 (or a later release of the respective branch), the versions the description above identifies as the first not affected.
References
Related Vulnerabilities
OpenVPN AS Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2020-36382)
WordPress Plugin WordPress Simple Shopping Cart Cross-Site Scripting (4.6.1)
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-5539)
WordPress Plugin Simple Events Calendar SQL Injection (1.4.0)