Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento magento 1.14.1.0 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2015-1397
SQL injection vulnerability in the getCsvFile function in the Mage_Adminhtml_Block_Widget_Grid class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary SQL commands via the popularity[field_expr] parame...
Magento Magento 1.9.1.0
Magento Magento 1.14.1.0
1 EDB exploit
1 Github repository
6.5
CVSSv2
CVE-2015-1398
Multiple directory traversal vulnerabilities in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote authenticated users to include and execute certain PHP files via (1) .. (dot dot) sequences in the PATH_INFO to index.php or (2) vectors involv...
Magento Magento 1.9.1.0
Magento Magento 1.14.1.0
6.5
CVSSv2
CVE-2015-1399
PHP remote file inclusion vulnerability in the fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary PHP code via a URL in unspecified vectors ...
Magento Magento 1.9.1.0
Magento Magento 1.14.1.0
5
CVSSv2
CVE-2015-3457
Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote malicious users to bypass authentication via the forwarded parameter.
Magento Magento 1.14.1.0
Magento Magento 1.9.1.0
6.5
CVSSv2
CVE-2015-3458
The fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 does not restrict the stream wrapper used in a template path, which allows remote administrators to include and execute arbitrary PHP f...
Magento Magento 1.14.1.0
Magento Magento 1.9.1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644
unprivileged
CVE-2024-3494
CVE-2024-22460
CVE-2024-26026
CVE-2024-23473
firewall
CVE-2024-28889
XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started