7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
48.4%
An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details.
magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23