Description
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could lead to unauthorized access to restricted resources.
Remediation
References
Related Vulnerabilities
LimeSurvey CVE-2009-1604 Vulnerability (CVE-2009-1604)
MySQL CVE-2014-4260 Vulnerability (CVE-2014-4260)
Oracle Database Server CVE-2009-1993 Vulnerability (CVE-2009-1993)
WordPress Plugin WP BASE Booking of Appointments, Services and Events PHP Object Injection (3.5.0)
Internet Information Services Other Vulnerability (CVE-2001-0337)