Improper Input Validation Vulnerability in Magento Commerce Allows Price Manipulation during Checkout

Improper Input Validation Vulnerability in Magento Commerce Allows Price Manipulation during Checkout

CVE-2021-36030 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items.

Learn more about our Web Application Penetration Testing UK.