2 matches found
CVE-2019-7925
An insecure direct object reference IDOR vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder...
CVE-2019-7925
CVE-2019-7925 describes an insecure direct object reference (IDOR) in Magento 2.1.x/2.2.x/2.3.x prior to 2.1.18, 2.2.9, 2.3.2, respectively. An administrator with limited privileges can delete the downloadable products folder. Root cause: IDOR in the handling of downloadable product folders. Impa...