Description
An information disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2. An authenticated user with privileges to create email templates could leak sensitive data via a malicious email template.
Remediation
References