PT-2019-18827 · Adobe · Magento

Published: 2019-08-02 · Updated: 2022-05-24 · CVE-2019-7925

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Magento 2.1 versions prior to 2.1.18
Magento 2.2 versions prior to 2.2.9
Magento 2.3 versions prior to 2.3.2

Description

An insecure direct object reference (IDOR) issue exists, allowing an administrator with limited privileges to delete the downloadable products folder.

Recommendations

For Magento 2.1 versions prior to 2.1.18, update to version 2.1.18 or later.
For Magento 2.2 versions prior to 2.2.9, update to version 2.2.9 or later.
For Magento 2.3 versions prior to 2.3.2, update to version 2.3.2 or later.

Exploit

Fix

IDOR

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2019-7925
GHSA-7G5J-Q8QJ-8984

Affected Products

Magento