Total vulnerabilities in the database
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a file upload restriction bypass. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.
| Software | From | Fixed in |
|---|---|---|
| magento / magento | - | 2.3.6 |
| magento / magento | 2.4.1 | 2.4.1.x |
| magento / magento | 2.4.0 | 2.4.0.x |
| magento / magento | 2.4.0-p1 | 2.4.0-p1.x |
| magento / magento | 2.3.6 | 2.3.6.x |