Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability. Successful exploitation could lead to privilege escalation.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Magento | Magento | * | 1.9.4.4 (including) |
Magento | Magento | * | 1.14.4.4 (including) |
Magento | Magento | 2.2.0 (including) | 2.2.11 (including) |
Magento | Magento | 2.3.0 (including) | 2.3.4 (including) |