Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento vulnerabilities and exploits
(subscribe to this query)
3.7
CVSSv3
CVE-2020-24406
When in maintenance mode, Magento version 2.4.0 and 2.3.4 (and previous versions) are affected by an information disclosure vulnerability that could expose the installation path during build deployments. This information could be helpful to attackers if they are able to identify ...
Magento Magento 2.4.0
Magento Magento
6.5
CVSSv3
CVE-2019-8090
An arbitrary file deletion vulnerability exists in Magento 2.1 before 2.1.19, Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3. An authenticated users can manipulate the design layout update feature.
Magento Magento
Magento Magento 2.3.2
5.4
CVSSv3
CVE-2019-8092
A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via email template preview.
Magento Magento
Magento Magento 2.3.2
8.8
CVSSv3
CVE-2019-8093
An arbitrary file access vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can leverage file upload controller for downloadable products to read/delete an arbitary files.
Magento Magento
Magento Magento 2.3.2
6.5
CVSSv3
CVE-2019-8107
An arbitrary file deletion vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user with export data transfer privileges can craft a request to perform arbitrary file deletion.
Magento Magento
Magento Magento 2.3.2
8
CVSSv3
CVE-2019-8109
A remote code execution vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution.
Magento Magento
Magento Magento 2.3.2
8.8
CVSSv3
CVE-2019-8134
A SQL injection vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. A user with marketing privileges can execute arbitrary SQL queries in the database when accessing email template variables.
Magento Magento
Magento Magento 2.3.2
6.5
CVSSv3
CVE-2020-9689
Magento versions 2.3.5-p1 and previous versions, and 2.3.5-p1 and previous versions have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento 2.3.5
Magento Magento
4.2
CVSSv3
CVE-2020-9690
Magento versions 2.3.5-p1 and previous versions, and 2.3.5-p1 and previous versions have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.
Magento Magento 2.3.5
Magento Magento
9.6
CVSSv3
CVE-2020-9691
Magento versions 2.3.5-p1 and previous versions, and 2.3.5-p1 and previous versions have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento 2.3.5
Magento Magento
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044
remote code execution
CVE-2024-37080
CVE-2024-5182
CVE-2024-4390
CVE-2024-6100
brute force
CVE-2021-47581
file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »