Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento magento 2.3.2 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-7859
A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control.
Magento Magento
5
CVSSv2
CVE-2019-7858
A cryptographic flaw in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9 and Magento 2.3 before 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks.
Magento Magento
5
CVSSv2
CVE-2019-7864
An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This can lead to unauthorized access to order details.
Magento Magento
6.5
CVSSv2
CVE-2019-7876
A remote code execution vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout.
Magento Magento
7.5
CVSSv2
CVE-2019-7890
An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This can lead to unauthorized access to order details.
Magento Magento
4.3
CVSSv2
CVE-2019-7877
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. An authenticated user with privileges to manage orders can inject malicious javascript.
Magento Magento
3.5
CVSSv2
CVE-2019-7881
A cross-site scripting mitigation bypass exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This could be exploited by an authenticated user to escalate privileges (admin vs. admin XSS attack).
Magento Magento
4
CVSSv2
CVE-2019-7888
An information disclosure vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. An authenticated user with privileges to create email templates could leak sensitive data via a malicious email template.
Magento Magento
7.5
CVSSv2
CVE-2019-7139
An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2.
Magento Magento
3.5
CVSSv2
CVE-2019-7863
A stored cross-site scripting vulnerability exists in the admin panel for Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This can be exploited by an authenticated user with access to products and categories.
Magento Magento
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »