Description

Names of disabled downloadable products could be disclosed due to inadequate validation of user input in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

Remediation

References

CVE-2019-7899

Related Vulnerabilities

WordPress Plugin Thumbnail carousel slider Arbitrary File Upload (1.0)

WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (8.1.9)

WordPress 5.1.x Multiple Vulnerabilities (5.1 - 5.1.11)

WordPress Plugin Sticky Ad Bar Cross-Site Scripting (1.3.1)

Apache Tomcat Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2007-4724)

Severity

Medium

Classification

CVE-2019-7899 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities