Lucene search

K
osvGoogleOSV:CVE-2020-24407
HistoryNov 09, 2020 - 1:15 a.m.

CVE-2020-24407

2020-11-0901:15:12
Google
osv.dev
23
magento
file upload vulnerability
arbitrary code execution
administrative permissions
software

AI Score

7

Confidence

Low

EPSS

0.001

Percentile

36.3%

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/Import components.

AI Score

7

Confidence

Low

EPSS

0.001

Percentile

36.3%