CVE-2019-7857: Cross-Site Request Forgery in Magento

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.0% (top 90.95%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 2 | Latest update May 24

Description

A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can cause unwanted items to be added to a shopper's cart due to an insufficiently robust anti-CSRF token implementation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (3 packages)

NVD | magento/magento | 2.1.0 | 2.1.18 | +2
Packagist | magento/community-edition | 2.2.0 | 2.2.9 | +2
CVEListV5 | adobe_systems_incorporated/magento_2 | Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2

Vulnerability Details (3)

GHSA | Magento Cross-Site Request Forgery (CSRF) | 2022-05-24
OSV | Magento Cross-Site Request Forgery (CSRF) | 2022-05-24
CVEList | CVE-2019-7857: A cross-site request forgery vulnerability in Magento 2 | 2019-08-02