Description
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could lead to unauthorized access to restricted resources.
Remediation
References
Related Vulnerabilities
WordPress 3.8.x Cross-Site Scripting Vulnerability (3.8 - 3.8.11)
WordPress Plugin OMFG Mobile Pro Cross-Site Scripting (1.1.26)
WordPress Plugin MAC PHOTO GALLERY 'upload-file.php' Arbitrary File Upload (2.7)
WordPress Plugin BSK PDF Manager Multiple Cross-Site Scripting Vulnerabilities (1.3)
XWiki Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2023-26476)