Insecure Direct Object Reference (IDOR) Vulnerability in Magento 2.1, 2.2, and 2.3

CVE-2019-7925 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2. It can be exploited by an administrator with limited privileges to delete the downloadable products folder.
