Description

Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. This vulnerability could be exploited by an authenticated user with permissions to the product listing page to read data from the database.

Remediation

References

CVE-2020-24400

Related Vulnerabilities

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-1888)

WordPress Plugin Analytics Stats Counter Statistics PHP Object Injection (1.2.2.5)

WordPress Plugin SEO SearchTerms Tagging 2 Multiple Vulnerabilities (1.535)

WordPress Plugin MC4WP:Mailchimp for WordPress Cross-Site Scripting (4.0.10)

Microsoft SQL Server CVE-2023-36730 Vulnerability (CVE-2023-36730)

Severity

High

Classification

CVE-2020-24400 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Tags

Missing Update Known Vulnerabilities