Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento magento vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2019-8156
A server-side request forgery (SSRF) vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to modify store configurations can manipulate the connector api endpoint to enable remote code execution.
Magento Magento
Magento Magento 2.3.2
6
CVSSv2
CVE-2019-8232
In Magento before 1.9.4.3, Magento before 1.14.4.3, Magento 2.2 before 2.2.10, and Magento 2.3 before 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import feature can execute arbitrary code through a race condition that allows webserver configura...
Magento Magento 2.3.2
Magento Magento
7.5
CVSSv2
CVE-2019-8149
Insecure authentication and session management vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An unauthenticated user can append arbitrary session id that will not be invalidated by subsequent authentication.
Magento Magento
Magento Magento 2.3.2
3.5
CVSSv2
CVE-2020-9690
Magento versions 2.3.5-p1 and previous versions, and 2.3.5-p1 and previous versions have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.
Magento Magento
Magento Magento 2.3.5
6.5
CVSSv2
CVE-2015-1398
Multiple directory traversal vulnerabilities in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote authenticated users to include and execute certain PHP files via (1) .. (dot dot) sequences in the PATH_INFO to index.php or (2) vectors involv...
Magento Magento 1.9.1.0
Magento Magento 1.14.1.0
6.5
CVSSv2
CVE-2015-1399
PHP remote file inclusion vulnerability in the fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary PHP code via a URL in unspecified vectors ...
Magento Magento 1.9.1.0
Magento Magento 1.14.1.0
5
CVSSv2
CVE-2015-3457
Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote malicious users to bypass authentication via the forwarded parameter.
Magento Magento 1.14.1.0
Magento Magento 1.9.1.0
6.5
CVSSv2
CVE-2015-1397
SQL injection vulnerability in the getCsvFile function in the Mage_Adminhtml_Block_Widget_Grid class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary SQL commands via the popularity[field_expr] parame...
Magento Magento 1.9.1.0
Magento Magento 1.14.1.0
1 EDB exploit
1 Github repository
6.5
CVSSv2
CVE-2015-3458
The fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 does not restrict the stream wrapper used in a template path, which allows remote administrators to include and execute arbitrary PHP f...
Magento Magento 1.14.1.0
Magento Magento 1.9.1.0
NA
CVE-2022-42344
Adobe Commerce versions 2.4.3-p2 (and previous versions), 2.3.7-p3 (and previous versions) and 2.4.4 (and previous versions) are affected by an Incorrect Authorization vulnerability. An authenticated attacker can exploit this vulnerability to achieve information exposure and priv...
Magento Magento
Adobe Commerce 2.3.7
Adobe Commerce 2.4.3
Adobe Commerce 2.4.4
Adobe Commerce
Magento Magento 2.4.4
Magento Magento 2.4.3
Magento Magento 2.3.7
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111
CVE-2024-32884
IDOR
CVE-2023-1000
CVE-2024-33260
CVE-2024-3682
reflected XSS
race condition
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »