Description
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could lead to unauthorized access to restricted resources.
Remediation
References