Insecure Direct Object Reference Vulnerability in Magento Checkout Module Leads to Sensitive Information Disclosure

CVE-2021-21012 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) vulnerability in the checkout module. Successful exploitation could lead to sensitive information disclosure.