Description
A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can bypass the email confirmation mechanism via a GET request that captures relevant account data obtained from the POST response related to new user creation.
Remediation
References
Related Vulnerabilities
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.59)
WordPress Plugin Comment Link Remove and Other Comment Tools Cross-Site Request Forgery (2.1.4)
Oracle Application Server CVE-2008-7236 Vulnerability (CVE-2008-7236)
WordPress Plugin ReFlex Gallery 'php.php' Arbitrary File Upload (1.4.6)
WordPress Plugin Daily Prayer Time SQL Injection (2022.02.28)