Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento magento vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2019-8151
A remote code execution vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to manipulate shippment settings can execute arbitrary code through server-side request forgery due to unsafe handling of a...
Magento Magento
Magento Magento 2.3.2
6.5
CVSSv2
CVE-2019-8091
A remote code execution vulnerability exists in Magento 1 before 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution.
Magento Magento
2 Github repositories
6.5
CVSSv2
CVE-2019-8093
An arbitrary file access vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can leverage file upload controller for downloadable products to read/delete an arbitary files.
Magento Magento
Magento Magento 2.3.2
6.5
CVSSv2
CVE-2019-8110
A remote code execution vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can leverage email templates hierarchy to manipulate the interceptor class in a way that allows an malicious user to execute arbitrary code.
Magento Magento
Magento Magento 2.3.2
6.5
CVSSv2
CVE-2019-8114
A remote code execution vulnerability exists in Magento 1 before 1.9.4.3 and 1.14.4.3, Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to import features can execute arbitrary code via crafted configuration archive file...
Magento Magento
Magento Magento 2.3.2
6.5
CVSSv2
CVE-2019-8122
A remote code execution vulnerability exists in Magento 2.1 before 2.1.19, Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3. An authenticated user with privileges to create products can craft custom layout update and use import product functionality to enable remote code execu...
Magento Magento
6.5
CVSSv2
CVE-2019-8125
A remote code execution vulnerability exists in Magento 1 before 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution.
Magento Magento
6.5
CVSSv2
CVE-2019-8127
A SQL injection vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user with privileges to an account with Newsletter Template editing permission could exfiltrate the Admin login data, and reset their password, effectively pe...
Magento Magento
Magento Magento 2.3.2
6.5
CVSSv2
CVE-2019-8111
A remote code execution vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can leverage plugin functionality related to email templates to manipulate the interceptor class in a way that allows an malicious user to execut...
Magento Magento
Magento Magento 2.3.2
6.5
CVSSv2
CVE-2019-8119
A remote code execution vulnerability exists in Magento 2.1 before 2.1.19, Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3. An authenticated admin user with import product privileges can delete files through bulk product import and inject code into XSLT file. The combination ...
Magento Magento
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »