The description of the hotfix SUPEE-11086 is as follows:
SUPEE-11086, Magento Commerce 18.104.22.168 and Open Source 22.214.171.124 contain
several security enhancements that help to shut down remote code execution
(RCE), intersite scripting (XSS), intersite query forgery (CSRF)
and other vulnerabilities.
Also includes a fix for SQL Injection with CVSSv3 Severity: 9.0
An unauthenticated user can execute arbitrary code via SQL
Injection vulnerability, which causes leakage of sensitive data.
Are there any problems or problems that we can expect from this fix?