WEB APPLICATION VULNERABILITIES Standard & Premium

Magento Improper Input Validation Vulnerability (CVE-2019-7898)

Description

Samples of disabled downloadable products are accessible in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to inadequate validation of user input.

Remediation

References

Related Vulnerabilities

WordPress Plugin Theme Test Drive Multiple Vulnerabilities (2.9)

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce Information Disclosure (3.4.7)

Atlassian Jira Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26136)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-6455)

WordPress Plugin ULTIMATE TABLES SQL Injection (1.5)

Severity

Medium

Classification

CVE-2019-7898 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities