Description

Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433.

Remediation

References

CVE-2018-5301

Related Vulnerabilities

WordPress Plugin Power Zoomer Arbitrary File Upload (1.2)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1999046)

WordPress Plugin IMPress for IDX Broker Unspecified Vulnerability (2.5.11)

WordPress Plugin HUSKY-Products Filter Professional for WooCommerce Unspecified Vulnerability (1.2.6)

WordPress 3.3.1 Multiple Vulnerabilities (2.0 - 3.3.1)

Severity

Medium

Classification

CVE-2018-5301 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities