CVE-2019-8133
- EPSS 0.05%
- Published 06.11.2019 00:15:10
- Last modified 21.11.2024 04:49:20
A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with privileges to generate sitemaps can bypass configuration that restricts directory access. The bypass allows overwrite of a subs...
CVE-2019-8134
- EPSS 0.13%
- Published 06.11.2019 00:15:10
- Last modified 21.11.2024 04:49:20
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with marketing privileges can execute arbitrary SQL queries in the database when accessing email template variables.
CVE-2019-8135
- EPSS 1%
- Published 06.11.2019 00:15:10
- Last modified 21.11.2024 04:49:21
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Dependency injection through the Symfony framework allows service identifiers to be derived from user-controlled data, which can lead to...
CVE-2019-8114
- EPSS 1.2%
- Published 05.11.2019 23:15:12
- Last modified 21.11.2024 04:49:18
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to import features can execute arbitrary code vi...
CVE-2019-8115
- EPSS 2.14%
- Published 05.11.2019 23:15:12
- Last modified 21.11.2024 04:49:18
A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when adding an image for during simple product creati...
CVE-2019-8116
- EPSS 0.39%
- Published 05.11.2019 23:15:12
- Last modified 21.11.2024 04:49:18
An insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can leverage a guest session id value following a successful login to gain access to c...
CVE-2019-8117
- EPSS 0.15%
- Published 05.11.2019 23:15:12
- Last modified 21.11.2024 04:49:19
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via product view id specification.
CVE-2019-8118
- EPSS 0.05%
- Published 05.11.2019 23:15:12
- Last modified 21.11.2024 04:49:19
Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 use a weak cryptographic function to store the failed login attempts for customer accounts.
CVE-2019-8119
- EPSS 1.81%
- Published 05.11.2019 23:15:12
- Last modified 21.11.2024 04:49:19
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated admin user with import product privileges can delete files through bulk product import and inject c...
CVE-2019-8120
- EPSS 0.18%
- Published 05.11.2019 23:15:12
- Last modified 21.11.2024 04:49:19
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can inject arbitrary JavaScript code by manipulating section of a POST request rel...