Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento magento 2.4.1 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2021-21014
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) are vulnerable to a file upload restriction bypass. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin ...
Magento Magento
Magento Magento 2.4.1
Magento Magento 2.4.0
Magento Magento 2.3.6
1 Github repository
8.5
CVSSv2
CVE-2021-21015
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) are vulnerable to an OS command injection via the customer attribute save controller. Successful exploitation could lead to arbitrary code execution by an authentica...
Magento Magento
Magento Magento 2.4.1
Magento Magento 2.4.0
Magento Magento 2.3.6
9
CVSSv2
CVE-2021-21018
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) are vulnerable to OS command injection via the scheduled operation module. Successful exploitation could lead to arbitrary code execution by an authenticated attacke...
Magento Magento
Magento Magento 2.4.1
Magento Magento 2.4.0
Magento Magento 2.3.6
6.5
CVSSv2
CVE-2021-21019
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) are vulnerable to XML injection in the Widgets module. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the adm...
Magento Magento
Magento Magento 2.4.1
Magento Magento 2.4.0
Magento Magento 2.3.6
4.3
CVSSv2
CVE-2021-21022
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) are vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could lead to unauthorized access to restricted resources...
Magento Magento
Magento Magento 2.4.1
Magento Magento 2.4.0
Magento Magento 2.3.6
6.5
CVSSv2
CVE-2021-21024
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) are affected by a blind SQL injection vulnerability in the Search module. Successful exploitation could lead to unauthorized access to restricted resources by an una...
Magento Magento
Magento Magento 2.4.1
Magento Magento 2.4.0
Magento Magento 2.3.6
3.5
CVSSv2
CVE-2021-21023
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) are vulnerable to a stored cross-site scripting vulnerability in the admin console. Successful exploitation could lead to arbitrary JavaScript execution in the victi...
Magento Magento
Magento Magento 2.4.1
Magento Magento 2.4.0
Magento Magento 2.3.6
6.5
CVSSv2
CVE-2021-21025
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) are vulnerable to XML injection in the product layout updates. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to...
Magento Magento
Magento Magento 2.4.1
Magento Magento 2.4.0
Magento Magento 2.3.6
4
CVSSv2
CVE-2021-21026
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) are affected by an improper authorization vulnerability in the integrations module. Successful exploitation could lead to unauthorized access to restricted resources...
Magento Magento
Magento Magento 2.4.1
Magento Magento 2.4.0
Magento Magento 2.3.6
3.5
CVSSv2
CVE-2021-21029
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) are affected by a Reflected Cross-site Scripting vulnerability via 'file' parameter. Successful exploitation could lead to arbitrary JavaScript execution i...
Magento Magento
Magento Magento 2.3.6
Magento Magento 2.4.0
Magento Magento 2.4.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »