Insecure Direct Object Reference (IDOR) Vulnerability in Magento 2.3 and Earlier Versions

Insecure Direct Object Reference (IDOR) Vulnerability in Magento 2.3 and Earlier Versions

CVE-2019-8235 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled input.

Learn more about our User Device Pen Test.