Magento

222 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.12%
  • Published 05.11.2019 23:15:11
  • Last modified 21.11.2024 04:49:18

An arbitrary file deletion vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with export data transfer privileges can craft a request to perform arbitrary file deletion.

  • EPSS 0.11%
  • Published 05.11.2019 23:15:11
  • Last modified 21.11.2024 04:49:18

An insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate the session validation setting for a storefront that leads to insecure authen...

  • EPSS 0.42%
  • Published 05.11.2019 23:15:11
  • Last modified 21.11.2024 04:49:18

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution.

  • EPSS 1.13%
  • Published 05.11.2019 23:15:11
  • Last modified 21.11.2024 04:49:18

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage email templates hierarchy to manipulate the interceptor class in a way that allows an attacker to ...

  • EPSS 1.13%
  • Published 05.11.2019 23:15:11
  • Last modified 21.11.2024 04:49:18

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage plugin functionality related to email templates to manipulate the interceptor class in a way that ...

  • EPSS 0.1%
  • Published 05.11.2019 23:15:11
  • Last modified 21.11.2024 04:49:18

A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can bypass the email confirmation mechanism via a GET request that captures relevant account data obtained from the P...

  • EPSS 0.1%
  • Published 05.11.2019 23:15:11
  • Last modified 21.11.2024 04:49:18

Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses a cryptographically weak random number generator, which allows the confirmation code for customer registration to be brute-forced.

  • EPSS 0.11%
  • Published 05.11.2019 22:15:14
  • Last modified 21.11.2024 04:49:15

An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can manipulate the design layout update feature.

  • EPSS 0.21%
  • Published 30.10.2019 00:15:12
  • Last modified 21.11.2024 04:49:32

An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user du...

  • EPSS 0.15%
  • Published 02.08.2019 22:15:19
  • Last modified 21.11.2024 04:48:59

A reflected cross-site scripting vulnerability exists on the customer cart checkout page of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by sending a victim a crafted URL that results in...