Insecure Direct Object Reference (IDOR) Vulnerability in Magento Product Module

Insecure Direct Object Reference (IDOR) Vulnerability in Magento Product Module

CVE-2021-21022 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could lead to unauthorized access to restricted resources.

Learn more about our Web Application Penetration Testing UK.