Description
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to unauthorized product discounts.
Remediation
References
Related Vulnerabilities
SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-0929)
WordPress Plugin Dean's Permalinks Migration Cross-Site Request Forgery (1.0)
WordPress Plugin YITH WooCommerce Multi-step Checkout Security Bypass (1.7.4)
phpMyAdmin Cryptographic Issues Vulnerability (CVE-2016-9847)