Insecure Direct Object Vulnerability in Magento Checkout Module Leads to Sensitive Information Disclosure
CVE-2021-21012 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:N/A:N
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module. Successful exploitation could lead to sensitive information disclosure.
Learn more about our Web Application Penetration Testing UK.