Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento magento vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2019-7871
A security bypass exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection.
Magento Magento
6.5
CVSSv2
CVE-2019-7876
A remote code execution vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout.
Magento Magento
6.5
CVSSv2
CVE-2019-7885
Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This vulnerability could be abused by an authenticated user with the ability to c...
Magento Magento
6.5
CVSSv2
CVE-2019-7892
A remote code execution vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery.
Magento Magento
6.5
CVSSv2
CVE-2019-7895
A remote code execution vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. An authenticated user with admin privileges to layouts can execute arbitrary code through a crafted XML layout update.
Magento Magento
6.5
CVSSv2
CVE-2019-7896
A remote code execution vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv file and X...
Magento Magento
6.5
CVSSv2
CVE-2019-7903
A remote code execution vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. An authenticated user with admin privileges to email templates can execute arbitrary code by previewing a malicious template.
Magento Magento
6.5
CVSSv2
CVE-2019-7911
A server-side request forgery (SSRF) vulnerability exists in Magento Open Source before 1.9.4.2, and Magento Commerce before 1.14.4.2, Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This can be exploited by an authenticated user with access to the ...
Magento Magento
6.5
CVSSv2
CVE-2019-7912
A file upload filter bypass exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This can be exploited by an authenticated user with admin privileges to edit configuration keys to remove file extension filters, potentially resulting in the mali...
Magento Magento
6.5
CVSSv2
CVE-2019-7913
A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment methods to execute arbitrary code.
Magento Magento
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »