CVE-2020-24407

Name of the Vulnerable Software and Affected Versions Magento versions 2.4.0 and 2.3.5p1 (and earlier)

Description The issue is related to an unsafe file upload vulnerability, which could result in arbitrary code execution. This could be exploited by authenticated users with administrative permissions to the System/Data and Transfer/Import components. The vulnerability is associated with a lack of restrictions on file uploads, allowing a remote attacker to execute arbitrary code.

Recommendations For Magento versions 2.4.0 and 2.3.5p1 (and earlier), consider restricting access to the System/Data and Transfer/Import components to minimize the risk of exploitation. As a temporary workaround, limit the file upload functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.