Description
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a blind SQL injection vulnerability in the Search module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation.
Remediation
References
Related Vulnerabilities
WordPress Plugin Cart66 Lite::WordPress Ecommerce Multiple Vulnerabilities (1.5.1.14)
MySQL CVE-2025-50103 Vulnerability (CVE-2025-50103)
WordPress Plugin Csv2WPeC Coupon Arbitrary File Upload (1.1)
WordPress Plugin Lifeline Donation Security Bypass (1.2.6)
WordPress 4.3.x Cross-Domain Flash Injection Vulnerability (4.3 - 4.3.14)