CVE-2020-24400
SQL Injection in packagist/magento/community-edition
Identifiers
CVE-2020-24400
Package Slug
packagist/magento/community-edition
Vulnerability
SQL Injection
Description
Magento This vulnerability could be exploited by an authenticated user with permissions to the product listing page to read data from the database.
Affected Versions
All versions before 2.3.6, version 2.4.0
Solution
Upgrade to versions 2.3.6, 2.4.1 or above.
Last Modified
2020-11-15
| source |