Description

Samples of disabled downloadable products are accessible in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to inadequate validation of user input.

Remediation

References

CVE-2019-7898

Related Vulnerabilities

Internet Information Services Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-1999-0348)

WordPress Plugin SP Project & Document Manager Arbitrary File Upload (4.21)

PHP Cryptographic Issues Vulnerability (CVE-2011-3189)

WordPress Plugin NextScripts:Social Networks Auto-Poster Cross-Site Scripting (4.3.23)

WebLogic CVE-2020-14644 Vulnerability (CVE-2020-14644)

Severity

Medium

Classification

CVE-2019-7898 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities