Medium severity6.5NVD Advisory· Published Aug 2, 2019· Updated Jun 17, 2026
CVE-2019-7851
CVE-2019-7851
Description
A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
magento/community-editionPackagist | >= 2.1.0, < 2.1.18 | 2.1.18 |
magento/community-editionPackagist | >= 2.2.0, < 2.2.9 | 2.2.9 |
magento/community-editionPackagist | >= 2.3.0, < 2.3.2 | 2.3.2 |
Affected products
2- Range: Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-mhvf-j94g-3qp7ghsaADVISORY
- magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2019-7851ghsaADVISORY
- github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-7851.yamlghsaWEB
- web.archive.org/web/20220121011306/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33ghsaWEB
News mentions
0No linked articles in our index yet.