Description

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/Import components.

Remediation

References

CVE-2020-24407

Related Vulnerabilities

MySQL Other Vulnerability (CVE-2010-3681)

WordPress Plugin Shareaholic-share buttons, related posts, social analytics & more Cross-Site Request Forgery (6.1.4.1)

WordPress Plugin Pike Firewall Information Disclosure (1.4)

WordPress Plugin Event Espresso 4 Decaf-Event Registration Event Ticketing Cross-Site Request Forgery (4.9.82)

Internet Information Services Other Vulnerability (CVE-2000-0024)

Severity

Critical

Classification

CVE-2020-24407 CWE-434 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities