Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento magento 2.3.2 vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2019-8156
A server-side request forgery (SSRF) vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to modify store configurations can manipulate the connector api endpoint to enable remote code execution.
Magento Magento
Magento Magento 2.3.2
5.4
CVSSv3
CVE-2019-8157
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can manipulate downloadable link and cause an invocation of error handling that acceses user input without sanitization.
Magento Magento 2.3.2
Magento Magento
9.8
CVSSv3
CVE-2019-8158
An XPath entity injection vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validation. The crafted key/value GET...
Magento Magento
Magento Magento 2.3.2
6.6
CVSSv3
CVE-2019-8232
In Magento before 1.9.4.3, Magento before 1.14.4.3, Magento 2.2 before 2.2.10, and Magento 2.3 before 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import feature can execute arbitrary code through a race condition that allows webserver configura...
Magento Magento 2.3.2
Magento Magento
8.8
CVSSv3
CVE-2019-8111
A remote code execution vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can leverage plugin functionality related to email templates to manipulate the interceptor class in a way that allows an malicious user to execut...
Magento Magento
Magento Magento 2.3.2
7.5
CVSSv3
CVE-2019-8116
Insecure authentication and session management vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An unauthenticated user can leverage a guest session id value following a successful login to gain access to customer account index page.
Magento Magento 2.3.2
Magento Magento
4.9
CVSSv3
CVE-2019-8126
An XML entity injection vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated admin user can craft document type definition for an XML representing XML layout. The crafted document type definition and XML layout allow processing...
Magento Magento
Magento Magento 2.3.2
8.8
CVSSv3
CVE-2019-8130
A SQL injection vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. A user with store manipulation privileges can execute arbitrary SQL queries by getting access to the database connection through group instance in email templates.
Magento Magento
Magento Magento 2.3.2
8.8
CVSSv3
CVE-2019-8137
A remote code execution vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate CMS section of the website can trigger remote code execution via custom layout update.
Magento Magento 2.3.2
Magento Magento
7.2
CVSSv3
CVE-2019-8141
A remote code execution vulnerability exists in Magento 2.1 before 2.1.19, Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3. An authenticated user with administrative privileges (system level import) can execute arbitrary code through a Phar deserialization vulnerability in th...
Magento Magento 2.3.2
Magento Magento
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »