Description

An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder.

Remediation

References

CVE-2019-7925

Related Vulnerabilities

MySQL CVE-2023-21877 Vulnerability (CVE-2023-21877)

WordPress Plugin Qtranslate Slug Unspecified Vulnerability (1.1.16)

PHP Other Vulnerability (CVE-2015-1352)

WordPress 'swfupload.swf' Cross-Site Scripting Vulnerability (2.5 - 3.3.1)

CubeCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-2098)

Severity

Medium

Classification

CVE-2019-7925 CWE-639 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities