Description
A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2. Requests for a specific file path could result in a redirect to the URL of the Magento admin panel, disclosing its location to potentially unauthorized parties.
Remediation
References