CVE-2020-24407

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-24407

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24407.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-24407

Aliases

Published

2020-11-09T01:15:12.990Z

Modified

2026-03-14T10:23:25.811649Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/Import components.

References

https://helpx.adobe.com/security/products/magento/apsb20-59.html

Affected packages

Git / github.com/magento/devdocs

Affected ranges

Type

GIT

Repo

https://github.com/magento/devdocs

Events

Introduced

Fixed

b69fab3da87a1536e1a583e51c8115e3f843609b

Introduced

Fixed

b69fab3da87a1536e1a583e51c8115e3f843609b

Introduced

Last affected

b69fab3da87a1536e1a583e51c8115e3f843609b

Introduced

Last affected

b69fab3da87a1536e1a583e51c8115e3f843609b

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.3.5"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "2.3.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.5-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.5-NA"
        }
    ]
}

Type

GIT

Repo

https://github.com/magento/magento2

Events

Introduced

Last affected

13c18d0b3f2e3fa53b317db5452eaab3d28dbeca

Introduced

Last affected

13c18d0b3f2e3fa53b317db5452eaab3d28dbeca

Introduced

Last affected

6729b6e01368248abc33300208eb292c95050203

Introduced

Last affected

6729b6e01368248abc33300208eb292c95050203

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.5-p1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.5-p1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.0"
        }
    ]
}

Affected versions

0.*

0.1.0-alpha100

0.1.0-alpha101

0.1.0-alpha102

0.1.0-alpha103

0.1.0-alpha104

0.1.0-alpha105

0.1.0-alpha106

0.1.0-alpha107

0.1.0-alpha108

0.1.0-alpha89

0.1.0-alpha90

0.1.0-alpha91

0.1.0-alpha92

0.1.0-alpha93

0.1.0-alpha94

0.1.0-alpha95

0.1.0-alpha96

0.1.0-alpha97

0.1.0-alpha98

0.1.0-alpha99

0.42.0-beta1

0.42.0-beta10

0.42.0-beta11

0.42.0-beta2

0.42.0-beta3

0.42.0-beta4

0.42.0-beta5

0.42.0-beta6

0.42.0-beta7

0.42.0-beta8

0.42.0-beta9

0.74.0-beta1

0.74.0-beta10

0.74.0-beta11

0.74.0-beta12

0.74.0-beta13

0.74.0-beta14

0.74.0-beta15

0.74.0-beta16

0.74.0-beta2

0.74.0-beta3

0.74.0-beta4

0.74.0-beta5

0.74.0-beta6

0.74.0-beta7

0.74.0-beta8

0.74.0-beta9

1.*

1.0.0-beta

2.*

2.0.0

2.0.0-rc

2.0.0-rc2

2.0.10

2.0.11

2.0.12

2.0.13

2.0.14

2.0.15

2.0.16

2.0.17

2.0.18

2.0.8

2.0.9

2.1.0

2.1.0-rc1

2.1.0-rc2

2.1.0-rc3

2.1.1

2.1.10

2.1.11

2.1.12

2.1.13

2.1.14

2.1.15

2.1.16

2.1.17

2.1.18

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

2.2.0

2.2.0-RC1.1

2.2.0-RC1.2

2.2.0-RC1.3

2.2.0-RC1.4

2.2.0-RC1.5

2.2.0-RC1.6

2.2.0-RC1.8

2.2.0-rc2.0

2.2.0-rc2.1

2.2.0-rc2.2

2.2.0-rc2.3

2.2.0-rc3.0

2.2.1

2.2.10

2.2.11

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

2.2.9

2.3.0

2.3.1

2.3.2

2.3.2-p1

2.3.3

2.3.3-p1

2.3.4

2.4.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24407.json"