Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2019-7852 - Vulnerability Database
Magento

Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2019-7852

Medium
Reference: CVE-2019-7852
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-7852
Title: Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18 Magento 2.2 prior to 2.2.9 Magento 2.3 prior to 2.3.2. Requests for a specific file path could result in a redirect to the URL of the Magento admin panel disclosing its location to potentially unauthorized parties.