Description
Names of disabled downloadable products could be disclosed due to inadequate validation of user input in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
Remediation
References
Related Vulnerabilities
MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2023-45364)
WordPress Plugin Adavnced Video embed Local File Inclusion (1.0)
Oracle Database Server CVE-2006-0283 Vulnerability (CVE-2006-0283)
WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.36)
WordPress Plugin Subscribe to Comments Unsubscribe Challenge Information Disclosure (2.0.2)