Description

A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages.

Remediation

References

CVE-2019-7851

Related Vulnerabilities

MySQL Other Vulnerability (CVE-2006-1516)

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1410)

WordPress Plugin Shopping Cart & eCommerce Store Arbitrary File Upload (3.0.8)

WordPress Plugin FileBird-WordPress Media Library Folders & File Manager Cross-Site Scripting (2.4)

WordPress Plugin PollDeep Arbitrary File Upload (1.2)

Severity

Medium

Classification

CVE-2019-7851 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities