PT-2018-16880 · Magento · Magento Community Edition+1

Publicado

2018-01-08

·

Atualizado

2022-05-14

·

CVE-2018-5301

CVSS v3.1

6.5

Média

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions Magento Community Edition versions prior to 2.0.10 Magento Enterprise Edition versions prior to 2.0.10 Magento Community Edition and Enterprise Edition versions 2.1.x prior to 2.1.2
Description The issue allows for CSRF, resulting in the deletion of a customer address from an address book.
Recommendations For Magento Community Edition versions prior to 2.0.10, update to version 2.0.10 or later. For Magento Enterprise Edition versions prior to 2.0.10, update to version 2.0.10 or later. For Magento Community Edition and Enterprise Edition versions 2.1.x prior to 2.1.2, update to version 2.1.2 or later.

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2018-5301
GHSA-W3MQ-67MW-3P9F

Produtos afetados

Magento Community Edition
Magento Enterprise Edition