Magento

222 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.12%
  • Published 05.11.2019 23:15:11
  • Last modified 21.11.2024 04:49:18

An arbitrary file deletion vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with export data transfer privileges can craft a request to perform arbitrary file deletion.

  • EPSS 0.11%
  • Published 05.11.2019 23:15:11
  • Last modified 21.11.2024 04:49:18

Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate session validation setting for a storefront that leads to insecure authen...

  • EPSS 0.42%
  • Published 05.11.2019 23:15:11
  • Last modified 21.11.2024 04:49:18

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution.

  • EPSS 1.13%
  • Published 05.11.2019 23:15:11
  • Last modified 21.11.2024 04:49:18

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage email templates hierarchy to manipulate the interceptor class in a way that allows an attacker to ...

  • EPSS 1.13%
  • Published 05.11.2019 23:15:11
  • Last modified 21.11.2024 04:49:18

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage plugin functionality related to email templates to manipulate the interceptor class in a way that ...

  • EPSS 0.1%
  • Published 05.11.2019 23:15:11
  • Last modified 21.11.2024 04:49:18

A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can bypass the email confirmation mechanism via GET request that captures relevant account data obtained from the P...

  • EPSS 0.1%
  • Published 05.11.2019 23:15:11
  • Last modified 21.11.2024 04:49:18

Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration.

  • EPSS 0.11%
  • Published 05.11.2019 22:15:14
  • Last modified 21.11.2024 04:49:15

An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can manipulate the design layout update feature.

  • EPSS 0.21%
  • Published 30.10.2019 00:15:12
  • Last modified 21.11.2024 04:49:32

An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user du...

  • EPSS 0.15%
  • Published 02.08.2019 22:15:19
  • Last modified 21.11.2024 04:48:59

A reflected cross-site scripting vulnerability exists on the customer cart checkout page of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by sending a victim a crafted URL that results in...