CVE-2020-24400
packagist/magento/community-edition
SQL Injection
Magento This vulnerability could be exploited by an authenticated user with permissions to the product listing page to read data from the database.
All versions before 2.3.6, version 2.4.0
Upgrade to versions 2.3.6, 2.4.1 or above.
2020-11-15
source |