Description
Insufficient enforcement of user access controls in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could enable a low-privileged user to make unauthorized environment configuration changes.
Remediation
References
Related Vulnerabilities
MySQL CVE-2017-3600 Vulnerability (CVE-2017-3600)
Joomla! Core 1.0.x Multiple Cross-Site Scripting Vulnerabilities (1.0.0 - 1.0.12)
phpMyAdmin Improper Input Validation Vulnerability (CVE-2011-1941)
Internet Information Services Other Vulnerability (CVE-2002-1694)
WordPress Plugin WordPress Payments-GetPaid Cross-Site Scripting (2.3.3)