Описание
Magento Blind SQL Injection in the Search module
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a blind SQL injection vulnerability in the Search module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation.
Пакеты
magento/community-edition
< 2.3.6-p1
2.3.6-p1
magento/community-edition
>= 2.4.0, < 2.4.1-p1
2.4.1-p1
Связанные уязвимости
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a blind SQL injection vulnerability in the Search module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation.
Уязвимость программной платформы для разработки и управления онлайн магазинами Magento Commerce, связанная с отсутствием мер по защите структур SQL запросов, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации