CVE-2020-24400

SQL Injection in packagist/magento/community-edition

Identifier

CVE-2020-24400

Package Slug

packagist/magento/community-edition

Vulnerability

SQL Injection

Description

Magento This vulnerability could be exploited by an authenticated user with permissions to the product listing page to read data from the database.

Affected Versions

All versions before 2.3.6, version 2.4.0

Solution

Upgrade to versions 2.3.6, 2.4.1 or above.

Last Modified

2020-11-15

source