Description

A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of the store design schedule.

Remediation

References

CVE-2019-7873

Related Vulnerabilities

Envoy Proxy Out-of-bounds Write Vulnerability (CVE-2019-18801)

WordPress Plugin Flamingo CSV Injection (2.1)

WordPress Plugin AVH Extended Categories Widgets SQL Injection (4.0.0)

PrestaShop Incorrect Authorization Vulnerability (CVE-2020-5279)

Oracle Application Server Other Vulnerability (CVE-2002-0568)

Severity

Medium

Classification

CVE-2019-7873 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities