Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento magento 2.3.5 vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2014-1634
SQL Injection exists in Advanced Newsletter Magento extension prior to 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO.
Magento Advanced Newsletter
9.3
CVSSv2
CVE-2020-9691
Magento versions 2.3.5-p1 and previous versions, and 2.3.5-p1 and previous versions have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento
Magento Magento 2.3.5
9
CVSSv2
CVE-2020-24407
Magento versions 2.4.0 and 2.3.5p1 (and previous versions) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/...
Magento Magento
Magento Magento 2.3.5
Magento Magento 2.4.0
8.5
CVSSv2
CVE-2020-9689
Magento versions 2.3.5-p1 and previous versions, and 2.3.5-p1 and previous versions have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento
Magento Magento 2.3.5
8.5
CVSSv2
CVE-2020-9692
Magento versions 2.3.5-p1 and previous versions, and 2.3.5-p1 and previous versions have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento
Magento Magento 2.3.5
6.8
CVSSv2
CVE-2015-5161
The Zend_Xml_Security::scan in ZendXml prior to 1.0.1 and Zend Framework prior to 1.12.14, 2.x prior to 2.4.6, and 2.5.x prior to 2.5.2, when running under PHP-FPM in a threaded environment, allows remote malicious users to bypass security checks and conduct XML external entity (...
Zend Zend Framework 1.0.0
Zend Zend Framework 1.5.0
Zend Zend Framework 1.5.1
Zend Zend Framework 1.6.1
Zend Zend Framework 1.6.2
Zend Zend Framework 1.7.3
Zend Zend Framework 1.7.4
Zend Zend Framework 1.8.0
Zend Zend Framework 1.8.1
Zend Zend Framework 1.9.0
Zend Zend Framework 1.9.5
Zend Zend Framework 1.9.6
Zend Zend Framework 1.10.2
Zend Zend Framework 1.10.3
Zend Zend Framework 1.11.0
Zend Zend Framework 1.11.6
Zend Zend Framework 1.11.7
Zend Zend Framework 1.11.8
Zend Zend Framework 1.12.0
Zend Zend Framework 1.12.5
Zend Zend Framework 1.12.6
Zend Zend Framework 2.0.0
2 EDB exploits
5.5
CVSSv2
CVE-2020-24402
Magento version 2.4.0 and 2.3.5p1 (and previous versions) are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the...
Magento Magento 2.3.5
Magento Magento
Magento Magento 2.4.0
5.5
CVSSv2
CVE-2020-24404
Magento version 2.4.0 and 2.3.5p1 (and previous versions) are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without auth...
Magento Magento 2.3.5
Magento Magento
Magento Magento 2.4.0
5.5
CVSSv2
CVE-2020-24400
Magento versions 2.4.0 and 2.3.5 (and previous versions) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. This vulnerability could be exploited by an authenticated user with permissions to the product listing page to read data fr...
Magento Magento
Magento Magento 2.3.5
Magento Magento 2.4.0
5.5
CVSSv2
CVE-2020-24401
Magento versions 2.4.0 and 2.3.5p1 (and previous versions) are affected by an incorrect authorization vulnerability. A user can still access resources provisioned under their old role after an administrator removes the role or disables the user's account.
Magento Magento
Magento Magento 2.3.5
Magento Magento 2.4.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »