Description
An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details.
Remediation
References